From: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
---|---|
To: | Network Administrator <netadmin(at)vcsn(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: - what protocol for an Internet postgres |
Date: | 2003-05-20 20:14:36 |
Message-ID: | Pine.LNX.4.21.0305202105290.14538-100000@ponder.fairway2k.co.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Tue, 20 May 2003, Network Administrator wrote:
> Sorry for being MIA gentlemen but I thought I would just pop a note in here- my
> apologies if this has been answered already it has been 4 days :)
>
> On the firewall thing- the only port I have open is 22. The trick was to make
> sure the sshd process was going allow X11 forwarding.
I almost hate to restart this thread along with you but...but do you why X11
forwarding makes the difference?
It never occured to me to flip the X11 forwarding toggle for the ssh comms corp
client because a) I don't have a x server running on the Windows systems (nor
do the developers) and b) X11 forwarding isn't the same thing as tunneling to a
remote postgres server. I do not have it set fwiw.
> On the client side, whether it ssh or say PuTTY, you have to make sure you are
> allowing X11 connections back to yourself.
>
> For example the default ssh on the slackware run-time CD does not have this
> feature enabled so if I'm at a clients site, I boot from this CD, mount my
> floppy with my private key on it and type something like this (in an xterm
> window after I bring up X-windows):
>
> ssh -X -C -i /mnt/privkey someaccount(at)someserver(dot)com
>
> The "-C" compresses the datastream. At this point, I can launch X apps and
> they'll display on my screen.
>
> I'll provide the exact options if needed...
That could be useful but I'm starting to wonder if we're on about slightly
different things. I'm on about a client process on a local system talking to a
postgresql server on a remote system. May be you are concerned with the issue
of logging into a remote system and running client applications there but
displaying on the local system?
On the documentation front, I don't think this is a 7.3 series issue but just
so you know I'll probably not get around to do anything before the deadline
this week.
> I agree Tom, I don't quite understand why you are not seeing the traffic unless
> it is denied.
You can still colour me baffled on that.
>
> Quoting Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>
> > "Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk> writes:
> > > I probably wasn't clear. The rule was a _permit_ from localhost to any
> > remote
> > > host/port for something that looked like a core Windows service. I never
> > saw
> > > the network traffic (with tcpdump of course) for the port forwarding until
> > I
> > > disabled that permit rule, thereby actually tightening the firewall.
> >
> > [ scratches head... ] That makes no sense at all to me; does it to you?
> >
> > regards, tom lane
> >
--
Nigel J. Andrews
From | Date | Subject | |
---|---|---|---|
Next Message | Network Administrator | 2003-05-20 20:17:57 | Re: pgAdmin II Download |
Previous Message | Network Administrator | 2003-05-20 20:10:56 | Re: - what protocol for an Internet postgres |