We Keep Coding

psql: could not connect to server: Connection refused

I have access remote postgesql psql -h xxx.xxx.xxx.xxx -p 1486 postgres
It's show this error
psql: could not connect to server: Connection refused
Is the server running on host "xxx.xxx.xxx.xxx" and accepting
TCP/IP connections on port 1486?
postgresql.conf file
listen_addresses = '*'
pg_hba.conf file
host all all 0.0.0.0/0 md5
Also apply open 1486 port
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d X.X.X.X --dport 1486 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s X.X.X.X --sport 1486 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
It's return same error.

It's hard to give a canonical answer but here are a few things to try (some of them may not apply / be possible):
Ping the IP address in question - is the server up at all / reachable? Are there other services on the box that can be reached?
Connect from a local connection on the server itself, assuming you have console or ssh access
If you have local access and network based access doesn't work, is unix-domain socket access allowed and if so, does that work?
Check the port config in postgresql.conf - is it really where you think it is?
Has the config file been edited since the last server restart? The parameters you listed all require server restarts to take effect.
Is it actually using the config file you think it is? Running "SHOW config_file;" as superuser will help if you can make a local connection
What happens is you do telnet 1486? Do you get a network connection or similar error?
Get a pcap and check what's happening at the network level (wireshark or tcpdump will help)

Prevent access from outside, mongodb

Got a server exposed to the recent MongoDB ransom scam. https://www.bleepingcomputer.com/news/security/mongodb-databases-held-for-ransom-by-mysterious-attacker/
I closed it down until I fixed this.
What's the easiest way to fix this? Is to add a user?
mongo
use admin
db.createUser( { user: "root", pwd: "password", roles: [ "root" ] } )
Is this enough to avoid getting hacked?

Expanding on #Sammye's comment mongodb has often no password for a database user. This is especially problematic if the database is facing the public internet because, just by trying the right port on the ip adress of your server everyone in the internet could theoretically connect to the database server.
To prevent this it is always a good idea to limit the traffic that can reach your server and its ports by a firewall.
Here is a sample iptables configuration (for ubuntu):
the following commands allow all traffic to localhost and to the ports 22 (ssh), 80 (http) and 443 (https)
# accept local traffic
sudo iptables -A INPUT -i lo -j ACCEPT
# allow established connections
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# allow connections to ports 22, 80, 443
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
these commands block the rest of the traffic:
# drops the rest of the traffic to the server
# sudo iptables -P INPUT DROP
# disables the possibility to route traffic through the server (you may or may not want to use this)
# sudo iptables -P FORWARD DROP
# makes it possible to send data from the server
# sudo iptables -P OUTPUT ACCEPT
Before running any of these iptables commands it is always a good idea to set up a cronjob that resets your iptables configuration every 5 minutes. In that case if something goes wrong (you lock yourself out of the server for example because you forgot to enable port 22 in your firewall) the rules get reset and you can fix the issue.
this is a script from the iptables ubunt wiki to reset the firewall:
https://help.ubuntu.com/community/IptablesHowTo
echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
when everything is finished and seems to be working do not forget to install the package iptables-persistent (by default the iptables rules only exist until the server is restarted)
sudo apt-get install iptables-persistent
this is by far not a complete guide on how to secure your server with iptables as firewall but I hope that it can get you started.
Now the database is only reachable from the server on not from the public internet anymore. To access your database from the public internet anyways you will have to create a ssh tunnel to your server:
ssh youruser#yourdomain_or_ip_adress -f -N -L 27019:yourdomain_or_ip_adress:27019
-f -N -L 27019 <-- here you define the port that should be used on your machine for the database traffic
yourdomain_or_ip_adress:27019 <-- this is the port that the database runs on on your server
When this is done you should be able to access the database from your server at your local machine at 127.0.0.1:27019.
This is a more general way to secure any application that runs on a server that is exposed to the internet.
There is also an official guide on how to specifically secure mongodb internally you can find it here: https://docs.mongodb.com/manual/administration/security-checklist/

PostgreSQL Server doesn't listen: Tried everything and failed

When attempting to connect to PostgreSQL from a remote Windows server using pgAdmin 1.16.1 I get the dreaded 'Server doesn't listen' message with 'could not connect to server: Connection timed out (0x0000274C/10060) Is the server running on host "xxx.xx.xxx.xx" and accepting TCP/IP connections on port 5432'.
I'm running PostgreSQL 9.3 on CentOS 6.4. Here's what I've tried so far:
I can access the database locally with psql --username=postgres. The database is there, it's running and I can query it
In postgresql.conf, I've set
listen_addresses = '*'
port = 5432
In pg_hba.conf, I've got the server that I am trying to access the database from listed as:
host all all xxx.xx.xxx.0/24 md5
SELinux is turned off (getenforce gets the response Disabled)
Just in case I've added port 5432 to the IPTables
iptables -A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
I've gone into postgresql with psql and set the password (although I'm convinced it was already set correctly)
ALTER USER postgres WITH PASSWORD '*************';
Typing netstat -angives these references to port 5432 (not sure they are relevant):
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp 0 0 :::5432 :::* LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 677454 /tmp/.s.PGSQL.5432
I can ping from the remote server to the database server
I have no problem connecting to another server running PostgreSQL 9.1 on Ubuntu from the same remote server using the same installation of pgAdmin
I'm stumped. Does anyone have a clue to what more could be wrong? And yes, I did remember to restart the server after changing the config files. I believe that I've read every other post on the subject.

Maybe you forgot add OUTPUT rule?
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d xx.xx.xx.xx --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s xx.xx.xx.xx --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
xx.xx.xx.xx - your server IP

Access remote Postgres server with pgAdmin

I've got pgAdmin running on my XP machine. There's a Centos machine running a Postgres server on the network. The Postgres server pg_hba.conf file has the following lines
TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 10.0.0.68/32 trust
local mydb myuser password
local all postgres ident
host mydb myuser 10.0.0.68/32 password
host all postgres 10.0.0.68/32 trust
My postgresql.conf file has the following line:
listen_address = 'localhost, 10.0.20.10'
nmap -sS 10.0.20.10 shows:
PORT STATE SERVICE
5432/tcp open postgresql
I can ssh into a bash shell on the server, but I can't connect with pgAdmin. I get the following:
could not connect to server: No route to host(0x00002751/10065) Is the
server running on host "10.0.20.10" and accepting TCP/IP connections
on port 5432?
I've no idea what the problem is.

#Aidan found the solution himself:
It was a firewall issue.
service iptables stop
enabled the connection. I'll just write a rule to allow the connection.

Suppose server's IP address is 10.0.20.10 then you could just add these iptable rules as #Dark Star1 proposed in comments:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 10.0.20.10 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.0.20.10 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Can't connect to MongoD / byzarre

I installed mongoDB through the official tutorial http://www.mongodb.org/display/DOCS/Building+for+Linux
The daemon starts up, a netstat-na | grep 27017 shows:
tcp 0 0 0.0.0.0:27017 0.0.0.0: * LISTEN
unix 2 [ACC] STREAM LISTENING 100949 / tmp/mongodb-27017.sock
I added these iptables rules:
-A INPUT-p tcp-m tcp - dport 27017-j ACCEPT
-A INPUT-p tcp-m tcp - dport 28017-j ACCEPT
When loading through the browser, I get well on the web management interface in 28017
If I add a remote connection on mongoHQ, I get to use the database
By cons, if I run the client locally, an error is raised:
Error: could not connect to server 127.0.0.1 shell / mongo.js: 79 except: connect failed
Same if I try to use the database on an existing project, can't connect to it.
I turn around, I do not understand, thank you in advance for your help.

Solution if you have this problem :
iptables -t filter -A OUTPUT -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
iptables -t filter -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
And it's ok ^^

Does the firewall need to be explicitly opened on port 27017 to allow outbound TCP connections?
iptables -A OUTPUT -p tcp --dport 27017 -j ACCEPT