
How to configure postgresql postgresql.conf listen_addresses for multiple ip addresses [closed]

Tags:

postgresql

I can connect just fine to a remote postgresql server that has connection restrictions to a few IPs in the pg_hba.conf, but is this enough if you have listen_addresses set to "*" in the postgresql.conf file?

That file indicates that that parameter can take a comma-separated list of IP addresses, but if I do that, I lose the ability to connect remotely.

postgresql-8.4.9 rhel

chrismarx asked Mar 19 '12 02:03



2 Answers

listen_addresses controls which IPs the server will answer on, not which IPs the server will permit connections to authenticate from. It's entirely reasonable and normal to use listen_addresses '*' so the server will accept incoming connections on any IP assigned to an interface on the PostgreSQL server host, while using pg_hba.conf to control access at a finer-grained level for which IPs the server will accept logins from for specific databases and users.

dbenhur answered Sep 28 '22 10:09
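The two layers described in the answer above, modelled as an added example that is not part of the original answers: listen_addresses is compared with the server's own interface addresses, and pg_hba.conf is then compared with the client's address. All addresses, database names and role names are constructed, and the matching is a simplification of PostgreSQL's behaviour (IPv4 only, "host" rules only, hypothetical function names).

```python
import ipaddress

# Constructed sample values, not taken from the question.
SERVER_IPS = ["127.0.0.1", "10.0.0.5", "192.168.1.5"]  # addresses assigned to the DB host
HBA_RULES = [  # simplified pg_hba.conf "host" lines: (database, user, client CIDR, method)
    ("appdb", "app", "10.0.0.20/32", "md5"),
    ("all", "all", "192.168.1.0/24", "md5"),
]

def bound_addresses(listen_addresses, server_ips):
    """Local addresses the server ends up listening on."""
    entries = [e.strip() for e in listen_addresses.split(",") if e.strip()]
    if "*" in entries:
        return set(server_ips)
    bound = set()
    for entry in entries:
        if entry == "localhost":
            entry = "127.0.0.1"  # assumption: IPv4 loopback only
        if entry in server_ips:  # only an address assigned to this host can be bound
            bound.add(entry)
    return bound

def hba_method(rules, database, user, client_ip):
    """First matching rule wins, as in pg_hba.conf; None means no rule matched."""
    addr = ipaddress.ip_address(client_ip)
    for db, usr, cidr, method in rules:
        if (db in ("all", database) and usr in ("all", user)
                and addr in ipaddress.ip_network(cidr)):
            return method
    return None

def check(listen_addresses, dest_ip, client_ip, database, user):
    """Outcome of a client connecting to dest_ip on the server."""
    # Layer 1: is there a listening socket on the address the client dialled?
    if dest_ip not in bound_addresses(listen_addresses, SERVER_IPS):
        return "no listener on " + dest_ip
    # Layer 2: does pg_hba.conf allow this client address, database and user?
    method = hba_method(HBA_RULES, database, user, client_ip)
    if method is None:
        return "rejected by pg_hba.conf"
    return "authenticate with " + method

if __name__ == "__main__":
    print(check("*", "10.0.0.5", "10.0.0.20", "appdb", "app"))
    print(check("*", "10.0.0.5", "203.0.113.9", "appdb", "app"))
    # Remote client addresses placed in listen_addresses: nothing is bound.
    print(check("10.0.0.20, 203.0.113.9", "10.0.0.5", "10.0.0.20", "appdb", "app"))
```

With '*' the client filtering is done entirely by the pg_hba.conf layer, while a list made of client addresses leaves no socket for those clients to reach.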


Setting listen_addresses to '*' is normal, as dbenhur points out. Also you can use tools such as iptables to deny access to the port apart from certain remote IPs. You can even do both: redundancy in security is not necessarily a bad thing (although, relying on IP address security isn't so good).

araqnid answered Sep 28 '22 10:09