Postgresql – Proper remote access control management in PostgreSQL

postgresql

I want to create environment that allows the limited number of machines connect to my database server.
For debugging needs all IP address have the remote access to PostgreSQL server

listen_addresses = '*'
host all all 0.0.0.0/0 md5

I want to limit access. What is the canonical way to do that?
I though of using proxy server to connect from local machines to PostgreSQL server, but I'll appreciate other ideas.

Best Answer

Just change pg_hba.conf from

host all all 0.0.0.0/0 md5

to rules you need. Columns are : type (leave host), database, username, IP, access method. For example, if you need to allow only 1.2.3.4 and 5.6.7.8 to connect any database using any username:

host all all 1.2.3.4/32 md5
host all all 5.6.7.8/32 md5
host all all 0.0.0.0/0 reject

Use service postgresql reload (or smt like that, depending on your system) to apply changes.

Related Solutions

Connect to Remote PostgreSQL Database on Ubuntu Using pgAdmin3

The line in your netstat report shows that the database is only listening on localhost:5432 (127.0.0.1) for incoming tcp connections.

Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:5432  0.0.0.0:*        LISTEN  3561/postgres

So it can only accept local tcp connections regardless of what permissions you've specified in pg_hba.conf. pg_hba.conf only specifies allowed connections, but does not specify what interfaces your service will listen to.

The addresses the server listens on is specified with the listen_addresses GUC in postgresql.conf. If you want the server to listen for remote connections you should specify the ip(s) you want it to listen on or * to listen on all available interfaces on the host.

To have your postgresql server listen on all interfaces on the host, you should have the following line in postgresql.conf:

listen_addresses = '*'

Postgresql – Connecting to an external database with pgAdmin III

This line:

 host    all             all             192.168.0.0/24          md5

will let through connections from IPs matching 192.168.0.X where X is any byte.

The IP address of your error message being 192.168.108.161, it does not match this pattern because 108 is not 0.

To enable addresses like 192.168.X.Y, you'd need a /16 instead of /24 meaning that the first 16 bits only are fixed.

Like this:

 host    all             all             192.168.0.0/16          md5

Don't forget to reload Postgresql. From the official docs, use pg_ctl reload. If that doesn't work, then there are other ways to do it listed in this question.

Best Answer

Related Solutions

Connect to Remote PostgreSQL Database on Ubuntu Using pgAdmin3

Postgresql – Connecting to an external database with pgAdmin III

Related Question