Re: PostgreSQL and IPV6

Fine, thanks for your answer, I'll then use a subnet IP in my pg_hba.conf.
Because, as far as i understand well your answer, the address terminating
with 18cf might change after a computer restart...

Also on the linux side i had to do something to fix IPV6 address otherwise
it was changing at every WiFi connection/deconnection...

2012/11/3 Martijn van Oosterhout <kleptog(at)svana(dot)org>

> On Sat, Nov 03, 2012 at 09:11:51AM +0100, Yvon Thoraval wrote:
> > I'm using to computers :
> > - a laptop under Xubuntu 12.04 with PostgreSQL 9.1
> > - a desktop under Mac OS X Mountain Lion with PostgreSQL 9.2
> >
> > After the switch to Mountain Lion, i had a small prob connecting to a
> > database on my laptop.
>
> <snip>
>
> > However when connecting from desktop to laptop, altough the IPV6 address
> of
> > my desktop is in my pg_hba.conf,psql rejected the connection because an
> > address terminating by "18cf" isn't in my pg_hba.conf.
> >
> > Then i did verify my mac os x setup showing that this address is a valid
> > one for my desktop, in fact my desktop does have up to eight IPV6
> addresses.
>
> IIRC MacOS X uses the IPv6 privacy extensions which means that clients
> will regularly get different source IPs. The machine does this by
> adding a new address every now and then.
>
> A side effect of this is that you can't firewall on specific IP. A few
> things I can think of:
>
> - Find a way to fix the IP address.
>
> - Use the link-local address (beginning with fe80) as they won't
> change. Only works on a single network ofcourse.
>
> - Allow the whole subnet, rather than individual IPs.
>
> > Why, in one direction from laptop to desktop i use successfully :
> >
> > psql -h IPV6-terminating-by-2559
> >
> > and the other way, from desktop to laptop this is
> IPV6-terminating-by-18cf
> > being seen by the laptop's PostgreSQL ?
>
> Linux does not use privacy extensions by default, so the IP address
> doesn't change. Maybe that explains it?
>
> Have a nice day,
> --
> Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> > He who writes carelessly confesses thereby at the very outset that he
> does
> > not attach much importance to his own thoughts.
> -- Arthur Schopenhauer
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIVAwUBUJTgV0vt++dL5i1EAQiJyg//XevrCIinp0TI6A5mkwzF9ct+QOIaArwI
> 2NI1q9TJy1ojWpVX1/YLEEyn4v4SWiULhg3XyNKxE/kYbUWL+ZyAwc9PTf/USTKi
> /1+p3dzEinNc68Gu7vNbgc8X7jzg6dPlJdnx68rccac5cnVpgofSZNjGyfDjJDHa
> j4+2hjc4eo0vz/MXMstqWZ/WWB77xmQNc10s/NGMSy8YxBY+6PcJ7Al9I/7ntgiE
> n6j3N/UyTk1EeLrPfeXScShqjUObGS85WQ8paOtY2D6fax1IbvbucqYyAnoLcvP9
> I47WV2h98rlwAQSD4BfWpDTc0MHvzsHIOM+QU2AyNZ4TKvp+9drKIUHRPAwAzL/n
> B5Io5HSFppWJLKOsnybzUhIBob4Rm4lIjONw9mi+B0j6XtXLzIcm/snqkYIYnQwI
> VEvkifueIf2p3wH82ccQKC8BUyh4GWKgJNUN/7ZvhQYDbUDWNDHg10vS9vd5imxG
> urOpIFfWexLg56lhoRdOvxtc4pz09c0rrNzgLzfhC/RDmOp6lJVDGSwynxhntCYX
> QI8rdjTT4/uERBuVFy4T6ZDW7Y4TzznIjVWWOdIfuJHOa+dR0iNBzgWDxKWUPr1i
> BJCrY6dirWzJT+jSDR6dF8RdJ/OZ4GhC3lPjkIOQg15m8fSQy/W9FRb+PnRgabTr
> LPuKb/12y78=
> =tnB1
> -----END PGP SIGNATURE-----
>
>

--
Yvon