Search Postgresql Archives

Re: How to configure for remote TCP/IP client conncections using MS Visual Basic OLE DB calls and PostgreSQL dll's?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/09/2011 09:54 AM, John Edens wrote:

------------

Using * should be fine unless you have multiple IP addresses and want the *server* to *listen* on only some of those addresses - say localhost if you were running web and db on the same machine and didn't want to listen to connections from the outside. This setting only determines where the server listens.

-------------

 

Okay, done that - what is the difference between  listening on only some of those addresses and allowing only clients in a certain range to connect?

 


They are completely different.

Your server can have multiple IP addresses. In fact, it almost certainly has an IP assigned to your NIC and a localhost address. But you could have multiple NICs in the machine and/or multiple IP addresses assigned to each NIC. This is very common - especially for web servers hosting several sites on different addresses. The addresses can be on different networks, as well.

Suppose your server has addresses 10.1.1.2, 10.1.1.3 and 192.168.1.4. If listen_addresses is set to *, a client could connect to PostgreSQL by connecting to any of those addresses - i.e. the host in their connection string could be any of the addresses you listen on. If that is not what you want, you need to explicitly list the addresses you want PostgreSQL to use.

Now that you are listening on one or more addresses, the pg_hba.conf determines who is allowed to connect. It is completely independent of where you listen. It could include all IP addresses, or one or more individual IPs or IP ranges. And the IP addresses allowed for clients do not need to overlap your listen_address or be on the same IP network.

By way of example, you could have three independent instances of PostgreSQL running on your machine - perhaps one for dev, one for QA and one for deployment-staging. You could have dev listen only on .2, QA on .3 and deploy on .4. You could even have a 4th, say "sandbox", listening on all (though it would have to have a different port). And each one of those instances could have different pg_hba.conf settings to restrict client access as appropriate.

Cheers,
Steve


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux