I have access remote postgesql psql -h xxx.xxx.xxx.xxx -p 1486 postgres
It's show this error
psql: could not connect to server: Connection refused
Is the server running on host "xxx.xxx.xxx.xxx" and accepting
TCP/IP connections on port 1486?
postgresql.conf file
listen_addresses = '*'
pg_hba.conf file
host all all 0.0.0.0/0 md5
Also apply open 1486 port
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d X.X.X.X --dport 1486 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s X.X.X.X --sport 1486 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
It's return same error.
It's hard to give a canonical answer but here are a few things to try (some of them may not apply / be possible):
Ping the IP address in question - is the server up at all / reachable? Are there other services on the box that can be reached?
Connect from a local connection on the server itself, assuming you have console or ssh access
If you have local access and network based access doesn't work, is unix-domain socket access allowed and if so, does that work?
Check the port config in postgresql.conf - is it really where you think it is?
Has the config file been edited since the last server restart? The parameters you listed all require server restarts to take effect.
Is it actually using the config file you think it is? Running "SHOW config_file;" as superuser will help if you can make a local connection
What happens is you do telnet 1486? Do you get a network connection or similar error?
Get a pcap and check what's happening at the network level (wireshark or tcpdump will help)
Related
I have to centos server in my local network
Server 1: 192.168.0.200
Server 2: 192.168.0.201
On server 1, I have a PostgreSQL database
I need to access that database from server 2
On postgresql.conf I have changed listen_addresses = 'localhost,192.168.0.201'
and to pg_hba.conf i added host all all 192.168.0.0/24 trust
To Iptables i added the following:
iptables -A INPUT -p tcp -s 192.168.0.201 --sport 1024:65535 -d 192.168.0.200 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.200 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Any idea what I did wrong...
All of this I did researching the internet, since I'm a Linux newbie
Any help is mostly welcome :)
----- UPDATE----
Changed listen_addresses = '*'
But still not working...
Also from another server I tryed: nc -z -w5 192.168.0.200 5432; echo $?
And I got a 1 as a result, so no conection...
I guess the problem are the iptables.. any idea?
----- UPDATE----
Found it.. this system is Centos 7, so it seems it does not use iptables... I added
firewall-cmd --zone=public --add-port=5432/tcp --permanent
firewall-cmd --reload
This solved my problem
You have the listen_addresses wrong. It is the address of the interface on the database server, not the address of the machine that you will be connecting from. Use 192.168.0.200, or '*' for all interfaces.
When attempting to connect to PostgreSQL from a remote Windows server using pgAdmin 1.16.1 I get the dreaded 'Server doesn't listen' message with 'could not connect to server: Connection timed out (0x0000274C/10060) Is the server running on host "xxx.xx.xxx.xx" and accepting TCP/IP connections on port 5432'.
I'm running PostgreSQL 9.3 on CentOS 6.4. Here's what I've tried so far:
I can access the database locally with psql --username=postgres. The database is there, it's running and I can query it
In postgresql.conf, I've set
listen_addresses = '*'
port = 5432
In pg_hba.conf, I've got the server that I am trying to access the database from listed as:
host all all xxx.xx.xxx.0/24 md5
SELinux is turned off (getenforce gets the response Disabled)
Just in case I've added port 5432 to the IPTables
iptables -A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
I've gone into postgresql with psql and set the password (although I'm convinced it was already set correctly)
ALTER USER postgres WITH PASSWORD '*************';
Typing netstat -angives these references to port 5432 (not sure they are relevant):
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp 0 0 :::5432 :::* LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 677454 /tmp/.s.PGSQL.5432
I can ping from the remote server to the database server
I have no problem connecting to another server running PostgreSQL 9.1 on Ubuntu from the same remote server using the same installation of pgAdmin
I'm stumped. Does anyone have a clue to what more could be wrong? And yes, I did remember to restart the server after changing the config files. I believe that I've read every other post on the subject.
Maybe you forgot add OUTPUT rule?
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d xx.xx.xx.xx --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s xx.xx.xx.xx --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
xx.xx.xx.xx - your server IP
So I'm using AWS using EC2 and I'm trying to open up a port for Postgresql. In AWS I already have it open:
TCP
Port (Service) Source Action
0 - 65535 sg-92aadda2 (default) Delete
22 (SSH) 0.0.0.0/0 Delete
80 (HTTP) 0.0.0.0/0 Delete
5432 0.0.0.0/0 Delete
When I do netstat it looks as though the port is listening:
# netstat -an | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
When I do a localhost nmap I get the following:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5432/tcp open postgresql
And here's where the fun begins. When I do an nmap from an alternative host I get the following:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
5432/tcp closed postgresql
I also looked at my iptables to see if I was missing something, but the iptables look empty (which should mean they aren't really doing much)
$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:postgresql
ACCEPT icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Am I missing something cause I can't seem to figure out how to access the ip. Whenever I try I get the following error:
Is the server running on host "xx.xx.xx.xx" and accepting TCP/IP connections on port 5432?
How do I make it so that I can open up the port so that external servers have access to it? Thanks in advance =) Lemme know if you need any additional data.
EDIT: As asked below, I tested telnetting, and I was able to telnet into the localhost, but when attempting from the outside I get:
$ telnet xx.xx.xx.xx 5432
Trying xx.xx.xx.xx...
telnet: Unable to connect to remote host: Connection refused
Also, I double checked and I was properly able to telnet into ssh:
$ telnet xx.xx.xx.xx 22
Trying xx.xx.xx.xx...
Connected to xx.xx.xx.xx.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
Edit /etc/postgresql/<version>/main/postgresql.conf and set the listen_addresses to your outgoing interface or all. Restart postgresql: sudo service postgresql restart.
It works for me the last method (thks Julio):
Edit: postgresql.conf
sudo nano /etc/postgresql/9.3/main/postgresql.conf
Enable or add:
listen_addresses = '*'
Restart the database engine:
sudo service postgresql restart
Besides, you can check the file: pg_hba.conf
sudo nano /etc/postgresql/9.3/main/pg_hba.conf
And add your network or host address:
host all all 192.168.1.0/24 md5
If you have edited postgresql.conf and main/pg_hba.conf and still having a problem, please try
sudo ufw allow 5432/tcp
to unblock psql port
In case you are using docker to connect to the host's postgresql you have to use the host's ip which you can obtain by running ip addr show docker0 hope it helps someone.
I've got pgAdmin running on my XP machine. There's a Centos machine running a Postgres server on the network. The Postgres server pg_hba.conf file has the following lines
TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 10.0.0.68/32 trust
local mydb myuser password
local all postgres ident
host mydb myuser 10.0.0.68/32 password
host all postgres 10.0.0.68/32 trust
My postgresql.conf file has the following line:
listen_address = 'localhost, 10.0.20.10'
nmap -sS 10.0.20.10 shows:
PORT STATE SERVICE
5432/tcp open postgresql
I can ssh into a bash shell on the server, but I can't connect with pgAdmin. I get the following:
could not connect to server: No route to host(0x00002751/10065) Is the
server running on host "10.0.20.10" and accepting TCP/IP connections
on port 5432?
I've no idea what the problem is.
#Aidan found the solution himself:
It was a firewall issue.
service iptables stop
enabled the connection. I'll just write a rule to allow the connection.
Suppose server's IP address is 10.0.20.10 then you could just add these iptable rules as #Dark Star1 proposed in comments:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 10.0.20.10 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.0.20.10 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
I installed mongoDB through the official tutorial http://www.mongodb.org/display/DOCS/Building+for+Linux
The daemon starts up, a netstat-na | grep 27017 shows:
tcp 0 0 0.0.0.0:27017 0.0.0.0: * LISTEN
unix 2 [ACC] STREAM LISTENING 100949 / tmp/mongodb-27017.sock
I added these iptables rules:
-A INPUT-p tcp-m tcp - dport 27017-j ACCEPT
-A INPUT-p tcp-m tcp - dport 28017-j ACCEPT
When loading through the browser, I get well on the web management interface in 28017
If I add a remote connection on mongoHQ, I get to use the database
By cons, if I run the client locally, an error is raised:
Error: could not connect to server 127.0.0.1 shell / mongo.js: 79 except: connect failed
Same if I try to use the database on an existing project, can't connect to it.
I turn around, I do not understand, thank you in advance for your help.
Solution if you have this problem :
iptables -t filter -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -t filter -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
And it's ok ^^
Does the firewall need to be explicitly opened on port 27017 to allow outbound TCP connections?
iptables -A OUTPUT -p tcp --dport 27017 -j ACCEPT