Re: Firewalls and Postgres

On Wed, 29 Jan 2003 16:47:35 +0100 in message <200301291647(dot)35376(dot)lists(at)klawitter(dot)de>, Holger Klawitter <lists(at)klawitter(dot)de> wrote:
> Am Mittwoch, 29. Januar 2003 22:11 schrieb Tony Grant:
> > On Wed, 2003-01-29 at 10:04, Alan Carbutt wrote:
> > > Does anyone know if postgres uses any additional ports that might be
> > > blocked by a firewall? I'm setting up a data warehouse prototype using
> > > pgAccess as the front end and I'm not having too much success with
> > > firewalling. Any help is greatly appreciated
> >
> > 5432 works fine with my firewall.
> >
> > I can not figure yet how to do ssh port forwarding on it. Any tips
> > appreciated.
>
> No problems with that (at least with openssh), even through a firewall:
>
> ssh -l my-secret-key-file -n -N \
> -L 15432:other.host.com:5432 \
> other.host.com </dev>
> psql -h localhost -p 15432 my_database
>
> However,you have to keep in mind that this connection ends up on
> other.host.com as a tcp/ip connection on 11.22.33.44, not on 127.0.0.1.
> Might need some tweaking in postgresl.conf and pg_hba.conf.

I don't think you're right here ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

on one machine:

ssh -L 15432:127.0.0.1:5432 eds (+ pw and stuff)
psql -p 15432 -h localhost

and on the other I see:
[eds:ops/logs] erics% ps ax | grep post
272 ?? S 0:01.75 /usr/local/bin/postmaster -i -D /Volumes/db/pgsql/data
313 ?? S 0:00.01 postgres: stats buffer process
314 ?? S 0:00.15 postgres: stats collector process
1363 ?? S 0:00.08 postgres: erics erics 127.0.0.1 idle

[eds:ops/logs] erics% netstat -a | grep 5432
tcp 0 0 localhost.5432 localhost.51398 ESTABLISHED
tcp 0 0 localhost.51398 localhost.5432 ESTABLISHED
tcp 0 0 *.5432 *.* LISTEN

It's pretty clearly coming in over loopback internet sockets.

eric