我一直在广泛阅读教程来帮助解决我的问题,但无济于事。
我有一台 Redhat VM,上面安装了 Postgres,我想让它可以进行远程连接。当我在机器上时,如果我运行以下命令,我就可以连接到我想要的表。
psql -U philhouse -d pwap
但是,当我尝试运行这个时:
psql -U philhouse -d pwap -h servername.nu.edu
我总是超时。
我读了多个教程和指南,但还是搞不懂。我编辑了 pg_hba.conf 文件、我的 postgres.conf 文件,以及尝试使用 iptables。下面是以下输出,仅供您查看:
配置文件为了测试目的,我已将其更改为允许所有连接
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 trust
# IPv6 local connections:
host all all ::1/128 trust
postgres.conf- 在这里我将 listen_addresses 改为 * 只是为了测试目的
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
#listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost', '*' = all
# (change requires restart)
#port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
# Note: Increasing max_connections costs ~400 bytes of shared memory per
# connection slot, plus lock space (see max_locks_per_transaction).
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directory = '' # (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - Security and Authentication -
#authentication_timeout = 1min # 1s-600s
#ssl = off # (change requires restart)
#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers
# (change requires restart)
#ssl_renegotiation_limit = 512MB # amount of data between renegotiations
#password_encryption = on
#db_user_namespace = off
** iptables ** 我刚刚尝试过这个...不是 100% 确定这里该做什么。
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:NETBKP - [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m multiport --dports 13720,13721,13782,13724,13783,13722,13723 -j NETBKP
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
#-A INPUT -s 129.105.214.0/255.255.255.0 -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -s 129.105.106.0/255.255.255.128 -p tcp -m tcp --dport 22 -j ACCEPT
#-A INPUT -s 165.124.200.32/255.255.255.240 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 129.105.106.0/255.255.255.128 -p udp -m udp --dport 161 -j ACCEPT
#
#FP 121688
-A INPUT -s 129.105.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 165.124.0.0/255.255.0.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5432 -j ACCEPT
#
#
#-A INPUT -s 129.105.119.86 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A NETBKP -s 129.105.106.0/255.255.255.128 -j ACCEPT
-A NETBKP -s 129.105.208.18 -j ACCEPT
-A NETBKP -s 129.105.208.20 -j ACCEPT
-A NETBKP -s 129.105.208.82 -j ACCEPT
-A NETBKP -s 129.105.208.115 -j ACCEPT
-A NETBKP -s 129.105.208.116 -j ACCEPT
-A NETBKP -s 129.105.215.131 -j ACCEPT
-A NETBKP -s 165.124.61.0/255.255.255.128 -j ACCEPT
-A NETBKP -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#-A RH-Firewall-1-INPUT -j LOG
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
我遗漏了什么想法或事情吗?我已经为此工作了 3 天,但没有取得任何进展……
谢谢您的帮助!!
答案1
适当地设置您的 listen_address(即删除已有 listen_address 前面的注释字符)。默认情况下,postgres 仅监听本地套接字和 localhost(环回接口)。
答案2
我来把整个过程告诉你,请你一步一步再检查一下:
添加以下行
'/etc/postgres/10/main/postgres.conf'
:listen_addresses = '*'
添加以下几行到
'/etc/postgres/10/main/pg_hba.conf'
:host all all 0.0.0.0/0 md5 host replication all 0.0.0.0/0 md5
运行以下命令:
sudo ufw allow 5432/tcp