Re: Port forwarding via iptables to postgres listening locally

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: David Resnick <abunetta(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org, zhong ming wu <mr(dot)z(dot)m(dot)wu(at)gmail(dot)com>
Subject: Re: Port forwarding via iptables to postgres listening locally
Date: 2011-06-19 09:21:26
Message-ID: 4DFDBF96.7000006@postnewspapers.com.au
Lists: pgsql-general

On 06/19/2011 12:07 PM, David Resnick wrote:
> Hi,
>
> I have a postgres instance configured to listen at the localhost default.
> I'm trying to enable port forwarding via iptables. I set up the
> following rule:
>
> iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp
> --dport 5432 -j REDIRECT
>
> and can see that it is redirecting packets received at port 5432. But I
> am unable to establish a remote connection to the postgres instance.

The arguments "0/0" to source and destination make absolutely no sense.
I assume you're trying to hide the real values? If not, there's your
problem.

If your real rule has real IPs and ports, then you have other rules
getting in the way. If iptables is correctly configured you should be
getting a working connection. Most likely you have a port-based or
IP-based OUTPUT or FORWARD rule that's dropping reply packets.

Use wireshark on the postgresql server to see whether it receives the
transformed packets and if so whether it tries to reply to them. See
what address and port is in the reply. Enable connection logging in
postgresql and see if it logs any connection attempts.

--
Craig Ringer
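
The check for an OUTPUT or FORWARD rule dropping reply packets, suggested in the message above, can be scripted against `iptables-save` output. This is an added example, not part of the original message; the ruleset is constructed sample data, and the function names `sample_ruleset` and `find_dropping_rules` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 5432 -j REDIRECT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A OUTPUT -p tcp -m tcp --sport 5432 -j DROP
-A OUTPUT -d 203.0.113.0/24 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin and prints every filter-table
# OUTPUT/FORWARD entry that can discard traffic: chains whose default
# policy is DROP, and rules whose target is DROP or REJECT.
find_dropping_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: "*filter", "*nat"
        table != "filter" { next }              # only the filter table is audited
        # Chain policy line, e.g. ":FORWARD DROP [0:0]"
        /^:(OUTPUT|FORWARD) / && $2 == "DROP" {
            print "policy " substr($1, 2) " DROP"
            next
        }
        # Appended rule, e.g. "-A OUTPUT -p tcp --sport 5432 -j DROP"
        $1 == "-A" && ($2 == "OUTPUT" || $2 == "FORWARD") {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT")) {
                    print "rule " $0
                    break
                }
        }
    '
}

# Stand-alone run over the sample; on a live host (as root) use:
#   iptables-save | find_dropping_rules
sample_ruleset | find_dropping_rules
```

Each reported line is a candidate to compare against the address and port seen in the packet capture; jumps to user-defined chains are not followed.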
