Installed PostgreSQL 9.1 x64 on Windows, set up a listen address, but when connecting with pgAdmin I get the following error. Not sure why PostgreSQL is seeing my IPv6 address and not my regular IP address:
To get authentication working, based on the error message, I updated pg_hba.conf with this:
host all all fe80::c5d2:XXXX:XXXX:3bc0/12 trust
That worked, but it's ugly, and too specific. I tried the following based on PostgreSQL docs, but none worked, I get the same 'access denied' error:
local all all trust
host all all 0.0.0.0/12 trust
I got this one working, which covers the entire IPv6 address space, but how can I specify an IPv6 range for more restriction?
host mydb myuser ::/0 trust
Questions
- Why does pgAdmin pick up my IPv6 address and not my normal IP?
- How do I specify a range in IPv6 without resorting to
::/0?
Best Answer
The IPv6 addresses starting with
fe80:are link-local addresses. They cannot be routed across different subnets or the internet. They are for communication between machines connected to the same LAN only. The link-local range is defined asfe80::/10. If you trust everybody on your local LAN then you could doIf you don't trust everybody on your local LAN then you probably want to use username+password protection:
When specifying
md5you are still using username+password protection, but the password is not transmitted in a readable format anymore. Since you're not trusting people on your local LAN you probably shouldn't send a snoopable password over the wire either.