Search Postgresql Archives

Re: Distinguishing between connections in pg_hba.conf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 2005-05-16 at 15:05, Adam Witney wrote:
> On 16/5/05 8:17 pm, "Scott Marlowe" <smarlowe@xxxxxxxxxxxxxxxxx> wrote:
> 
> > On Mon, 2005-05-16 at 07:35, Adam Witney wrote:
> >> Hi,
> >> 
> >> I have a web application (PHP) which runs on its own box, and connects to a
> >> database on a second box. The database box is behind the firewall and only
> >> accepts connections from the web server.
> >> 
> >> I have set up stunnel on the web server and I would like to allow some
> >> limited external direct access to the db server, but I would like
> >> connections from stunnel to only access a specific database. The problem is
> >> that both the web server and the stunnel connections will come from the same
> >> box, and hence the same IP address, is there anyway I can distinguish
> >> between these two connection methods in pg_hba.conf? (I can't do it on
> >> username either)
> > 
> > Add an alias to each machine's ethernet card, along with a name.  So, if
> > you've got 10.1.1.1 as the IP on the web server and 10.2.1.1 on the db
> > server, add 10.1.1.2 and 10.2.1.2 on each respectively, and give them
> > some similar name, like web02 and db02 if their names are web01 and
> > db01.  Set up routes to use the other IP addresses with those names and
> > you should be able to do it.
> > 
> > I haven't fleshed it out step by step, but you get the basic idea,
> > right?
> 
> Hi,
> 
> Thanks for your reply.
> 
> So I see how you add an extra IP address to the web server box, but how do
> you assign it so that requests from apache appear on the db box as one IP
> address, and requests coming through stunnel appear as the second IP
> address?

That's kinda OS dependent.  On RedHat you should have some kind of
netconfig command or something that will make a setting in the
/etc/sysconfig/network-scriptsifcfg-xxx files to set routes.

In Fedora Core 2 the command that brings up the gui config too is
system-config-network

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faq
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux