I'm trying to create a tunnel to a remote server, using this command:
sudo ssh -i ~/.ssh/id_rsa -g -L 5433:remote-ip:5432 user#dbserver.com -v
So, the goal is to set up tunnel that listens on local port 5433 and redirects the request to dbserver.com:5432
I have Teampostgresql set up on my local machine and try to connect to the remote DB, using the tunnel.
When I set up the tunnel and try to connect, I can see the following message in the terminal window:
debug1: channel 3: free: direct-tcpip: listening port 5433 for 127.0.0.1 port 5432,
connect from 127.0.0.1 port 51893 to 127.0.0.1 port 5433, nchannels 5
Unfortunately, it's not working.
Any ideas what I'm doing wrong?
[Edit]
Changed the localhost to remote-host IP, as recommended by the first commenter (who, interestingly, deleted the comment)...
[Edit2]
As per request, the results from netstat -nlp | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN -
unix 2 [ ACC ] STREAM LISTENS 15963 - /tmp/.s.PGSQL.5432
unix 2 [ ACC ] STREAM LISTENS 15961 - /var/run/postgresql/.s.PGSQL.5432
Related
I have set up Postgresql on a remote server, and for some reason I cannot connect to the 5432 port on the server even after opening up the port, deactivating firewall, etc.
I have checked that the database is listening to all addresses with
listen_addresses = '*':
postgresql.conf:
SHOW listen_addresses:
changed pg_hba.conf:
checked that port number 5432 is open and listening with
netstat -nlp | grep 5432
checked that firewall is inactive with sudo ufw status
and still I get Operation timed out error message after performing both
nc -v [ip_address] 5432
watch "nc -v [ip_address] 5432"
Can anyone tell me what I can do to enable connection to the remote server from external network?
I am, for the first time, attempting to set up an application on a remote/cloud VPS (I am using Digital Ocean if it matters). I am attempting to create an SSH tunnel from my client to the remote database. As this is not something I have attempted before, I referenced this, this, and this.
After looking over the articles, I ran the following on my client/local machine:
ssh -L 5433:localhost:5432 user#REMOTE_IP
then I tried to connect:
psql -h localhost -p 5433 postgres;
However, I receive the following error:
psql: could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5433?
To my knowledge, my pg_hba.conf (on the remote server) is the default:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I changed "listen_addresses" in postgresql.conf to *
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
I also tried substituting 127.0.0.1 forlocalhost with no success.
Any advice would be appreciated; SSH tunnels and the like are not something I am familiar with.
Thanks.
EDIT:
Per #drdaeman excellent advice, I ran the following:
sudo ssh -N -vvv -L 5433:localhost:5432 user#host
The last few debug lines are as follows:
debug1: Local forwarding listening on 127.0.0.1 port 5433.
debug2: fd 5 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions#openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0
Output from sudo netstat -ltpn | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 5835/postgres
It stops there, unresponsive to any commands.
Thanks for any direction.
Based on your description, everything looks OK to me - don't see where the problem is, but the commands you're running and your configuration looks correct. Here are the general steps you can take to diagnose the issue:
First, check if your PostgreSQL server is actually listening. On your server, run this:
$ sudo netstat -ltpn | grep 5432
(Or you can use ss -ltpn from iproute2 instead of older netstat)
If you don't see anything, it means no process is listening on tcp/5432. You can try to see if PostgreSQL is listening anywhere at all:
$ sudo netstat -lpn | grep postgre
If it doesn't - check whenever your server is actually running (depends on the OS and distribution, but check ps aux output first) and check your server logs (probably in /var/log) if you see any problems there.
Then, make sure you don't accidentally run psql on your server (when you SSH, it also opens the shell session unless you specify the -N flag). You need to run it on your local machine ;)
Then, you may also consider adding -v (or even -vvv) to your ssh command - it'll spew a lot of useful debug information, e.g. a normal operation looks like this:
debug1: Connection to port 5433 forwarding to localhost port 5432 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 3: free: direct-tcpip: listening port 5433 for localhost port 5432, connect from ::1 port 60039 to ::1 port 5433, nchannels 4
If you see something like channel 3: open failed: connect failed: Connection refused instead, this means PostgreSQL had refused the connection - and you need to check its logs for the reasoning - possibly, after enabling log_connections and log_disconnections in the config (don't forget to reload the configuration).
I have followed all the advice I've found online, but I can't seem to get this to work.
Background:
I have setup Postgresql 9.6 on a server running RHEL 6.8. I am trying to remotely connect to this server's Postgresql service from a client running Linux Mint 17.3.
What I've tried:
1) In postgresql.conf, I added these two lines:
listen_addresses = '*'
port = 5432
2) In pg_hba.conf, I added this line:
host all all 0.0.0.0/0 md5
3) Restarted postgresql server afterwards:
service postgresql-9.6 restart
4) Added rule to firewall to allow connections to port 5432 just in case:
iptables -A INPUT -s 0/0 -p tcp --dport 5432 -j ACCEPT
5) Ran netstat -tulpn | grep 5432 and got this output:
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 2625/postmaster
tcp 0 0 ::::5432 :::* LISTEN 2625/postmaster
Here is the command I ran to connect to my server from the client:
psql -h my_host_name -d my_database_name -U postgres
And I got the following output:
psql: could not connect to server: Connection timed out
Is the server running on host "my_host_name" (my_ip_address) and accepting
TCP/IP connections on port 5432?
Question:
What else can I do to further troubleshoot this issue?
Turns out there was another firewall on our network that I wasn't taking into account. To anybody else dealing with this issue, make sure that you are absolutely sure that you are not dealing with a firewall.
I'm struggling to enable remote connection on Postgres running on Ubuntu. I've done the following steps:
Opened up the firewall; running sudo netstat -ntlp | grep LISTEN gives me:
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 2947/postgres
Added in listen_addresses to postgresql.conf:
listen_addresses='*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
Added in the connection table in pg_hba.conf as follows:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
I can connect locally but I cannot connect remotely; not even connecting via telnet works. It just says connection refused. Has anyone got an idea as to the cause of the problem?
Thanks.
Cheers,
Neil
Restart postgres
Check if it's listening on all interfaces
# netstat -lnp --tcp | grep postgres
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 6096/postgres
Add host line to pg_hba.conf:
host all all 0.0.0.0/0 md5
Add a password for your user
$ sudo -u postgres psql
postgres=# \password username
When attempting to connect to PostgreSQL from a remote Windows server using pgAdmin 1.16.1 I get the dreaded 'Server doesn't listen' message with 'could not connect to server: Connection timed out (0x0000274C/10060) Is the server running on host "xxx.xx.xxx.xx" and accepting TCP/IP connections on port 5432'.
I'm running PostgreSQL 9.3 on CentOS 6.4. Here's what I've tried so far:
I can access the database locally with psql --username=postgres. The database is there, it's running and I can query it
In postgresql.conf, I've set
listen_addresses = '*'
port = 5432
In pg_hba.conf, I've got the server that I am trying to access the database from listed as:
host all all xxx.xx.xxx.0/24 md5
SELinux is turned off (getenforce gets the response Disabled)
Just in case I've added port 5432 to the IPTables
iptables -A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
I've gone into postgresql with psql and set the password (although I'm convinced it was already set correctly)
ALTER USER postgres WITH PASSWORD '*************';
Typing netstat -angives these references to port 5432 (not sure they are relevant):
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp 0 0 :::5432 :::* LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 677454 /tmp/.s.PGSQL.5432
I can ping from the remote server to the database server
I have no problem connecting to another server running PostgreSQL 9.1 on Ubuntu from the same remote server using the same installation of pgAdmin
I'm stumped. Does anyone have a clue to what more could be wrong? And yes, I did remember to restart the server after changing the config files. I believe that I've read every other post on the subject.
Maybe you forgot add OUTPUT rule?
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d xx.xx.xx.xx --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s xx.xx.xx.xx --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
xx.xx.xx.xx - your server IP