英文:
Problems Connecting to Remote PSQL on Linux Server
问题
我有一个安装了PSQL(psql(15.2(Ubuntu 15.2-1.pgdg22.04+1)))的Linux服务器。这是在Oracle Cloud上安装的。
我尝试使用以下命令连接:
psql -h 129.213.17.88 -p 5432 -d breedingdb -U postgres
其中129.213.17.88是Oracle服务器的公共IP。
错误信息:
psql: error: connection to server at "129.213.17.88", port 5432 failed: No route to host
Is the server running on that host and accepting TCP/IP connections?
sudo systemctl status postgresql
我已经更改了postgresql.conf,包括:
listen_addresses = '*'
port = 5432
我已经更改了pg_hba.conf,包括:
host all all 0.0.0.0/0 md5
host all all ::1/128 md5
之后运行sudo systemctl restart postgresql
netstat -an | grep -i listen
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
我在本地没有连接问题。
sudo nmap -sS 129.213.17.88 -p 5432
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-22 18:19 UTC
Nmap scan report for 129.213.17.88
Host is up (0.00042s latency).
PORT STATE SERVICE
5432/tcp closed postgresql
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
ping 129.213.17.88
PING 129.213.17.88 (129.213.17.88) 56(84) bytes of data.
64 bytes from 129.213.17.88: icmp_seq=1 ttl=63 time=0.508 ms
64 bytes from 129.213.17.88: icmp_seq=2 ttl=63 time=0.498 ms
64 bytes from 129.213.17.88: icmp_seq=3 ttl=63 time=0.483 ms
^C
--- 129.213.17.88 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
英文:
I have a linux server with PSQL installed (psql (15.2 (Ubuntu 15.2-1.pgdg22.04+1))). This is installed on Oracle Cloud.
I am trying to connect using the command
psql -h 129.213.17.88 -p 5432 -d breedingdb -U postgres
Where 129.213.17.88 is the public IP of the server in Oracle.
Error message:
psql: error: connection to server at "129.213.17.88", port 5432 failed: No route to host
Is the server running on that host and accepting TCP/IP connections?
sudo systemctl status postgresql
I have changed postgresql.conf to include:
listen_addresses = '*'
port = 5432
I have changed pg_hba.conf to include:
host all all 0.0.0.0/0 md5
host all all ::1/128 md5
After that sudo systemctl restart postgresql
netstat -an | grep -i listen
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
I have no problems connecting
locally
sudo nmap -sS 129.213.17.88 -p 5432
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-22 18:19 UTC
Nmap scan report for 129.213.17.88
Host is up (0.00042s latency).
PORT STATE SERVICE
5432/tcp closed postgresql
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
ping 129.213.17.88
PING 129.213.17.88 (129.213.17.88) 56(84) bytes of data.
64 bytes from 129.213.17.88: icmp_seq=1 ttl=63 time=0.508 ms
64 bytes from 129.213.17.88: icmp_seq=2 ttl=63 time=0.498 ms
64 bytes from 129.213.17.88: icmp_seq=3 ttl=63 time=0.483 ms
^C
--- 129.213.17.88 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
答案1
得分: 0
OCI支持团队已经与我进行了通话,并能够为我提供解决方案。
如问题所示,之前在OCI(入站规则)中已经进行了允许连接到端口5432的网络级别更改。
我错过了防火墙级别的更改:
编辑/etc/iptables/rules.v4
在其中添加以下行,其中5432是PSQL端口:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
保存并退出
然后,我们需要重新启动iptables netfilter-persistent restart 来查看是否应用了规则:
iptables -L
应该显示如下:
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:postgresql
我必须提醒这是不安全的。请自行承担风险。这对我的目的有效。
然后使用以下命令psql -h ip_address -d dbname -U username -W 来连接到一个受密码保护的远程数据库。
我尝试使用私有IP和公共IP进行连接,它们都可以工作。这两个实例都位于同一个VCN中。
成功连接到breedingdb:
英文:
OCI support team has jump into a call with me and they were able to provide me with the solution.
As shown in the question, network level changes to allow connection to port 5432 were made previously in OCI (inbound rules).
I was missing changes at the firewall level:
Edit /etc/iptables/rules.v4
Add the following line where 5432 is PSQL port:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
Save and Exit
Then, we need to restart iptables netfilter-persistent restart
To see if rules were applied:
iptables -L
It should have there:
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:postgresql
I have to mention this is unsecure. Do it at your own risk. It works for my purposes.
Then use the command psql -h ip_address -d dbname -U username -W to connect to a password protected remote database.
I tried connecting using the private and the public ip and they both work. Both intances were on the same VCN.
Successfully connected to breedingdb:
答案2
得分: 0
你检查/添加了该端口的iptables规则吗?
执行 sudo nmap -sS <private ip> -p 5432 命令时,端口是否显示为开放?
英文:
Did you check/add iptables rules for that port?
Does sudo nmap -sS <private ip> -p 5432 show the port as open?
答案3
得分: 0
我遇到了类似的问题,并成功解决了它。在解决问题的过程中,我能够跟踪特定的错误、了解它们的原因以及这些错误的解决方法。首先,我安装了telnet来帮助我调试与服务器的连接。我运行了以下命令:
telnet <服务器IP,例如88.222.333.11> 5432
我遇到的一个错误是:
telnet: 无法连接到远程主机: 主机无法到达
当您未配置您的iptables以接受来自您正在使用的设备的流量时,会发生这个错误。可以通过向IP表添加一个条目来解决这个问题。
# 更新iptables并允许来自目标IP(例如105.222.22.222)的流量
sudo nano /etc/iptables/rules.v4
-A INPUT -p tcp -s 105.222.22.222/32 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
# 对iptables进行更改生效
sudo iptables-restore < /etc/iptables/rules.v4
sudo iptables -L
我遇到的另一个错误是:
telnet: 无法连接到远程主机: 连接被拒绝
当您未配置postgresql.conf以接受来自您正在使用的设备的流量时,会发生这个错误。可以通过找到listen_addresses条目并将其设置为特定IP或使用通配符来接受来自任何设备的流量来解决这个问题。
打开postgresql.conf:
sudo nano /etc/postgresql/14/main/postgresql.conf
并修改listen_addresses条目:
...
listen_addresses = '*'
...
我遇到的最后一个错误是在尝试连接到数据库时:
psql -h 88.222.333.11 -p 5432 -U username db_name -W
> 密码
出现以下错误:
psql: 错误: 连接到服务器失败:"88.222.333.11",端口5432: 致命错误: 未找到主机"105.222.22.222"的pg_hba.conf条目,用户"blabla",数据库"foobar",SSL加密
连接到服务器失败:"88.222.333.11",端口5432: 致命错误: 未找到主机"105.222.22.222"的pg_hba.conf条目,用户"blabla",数据库"foobar",没有加密
当您未配置pg_hba.conf以接受来自您正在使用的设备的流量时,会发生这个错误。可以通过向pg_hba.conf文件添加一个条目来解决这个问题。打开文件:
sudo nano /etc/postgresql/14/main/pg_hba.conf
并在文件末尾添加一个条目以允许您的设备连接:
# 类型 数据库 用户 地址 方法
host all all 105.222.22.222/32 md5
然后别忘了重新启动您的PostgreSQL:sudo /etc/init.d/postgresql restart。还要注意,当添加IP时,请记得附加/32,以匹配特定IP以提高安全性。同时,请确保在网络安全配置中添加入口规则以允许来自您的设备的流量。
英文:
I had a similar problem and was able to solve it. In the process of solving it I was able to track specific errors, what caused them, and the solutions to those errors. First I installed telnet to help me debug connections to the server. I ran the following command:-
telnet <server IP eg.88.222.333.11> 5432
One of the errors that I encounter was
telnet: Unable to connect to remote host: No route to host
This error occurs when you have not configured your iptables to accept traffic from the device that you are working on. This can be solved by adding an entry to the IP Table
# update iptables and allow traffic from target IP eg. 105.222.22.222
sudo nano /etc/iptables/rules.v4
-A INPUT -p tcp -s 105.222.22.222/32 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
# effect change to the iptables
sudo iptables-restore < /etc/iptables/rules.v4
sudo iptables -L
The other error that I encountered is
telnet: Unable to connect to remote host: Connection refused
This error occurs when you have not configured your postgresql.conf to listen for traffic from the device that you are working on. This can be solved by finding the listen_addresses entry and set to a specific IP or using a wildcard to listen for traffic from any device.
open the postgresql.conf
sudo nano /etc/postgresql/14/main/postgresql.conf
and modify the listen_addresses entry
...
listen_addresses = '*'
...
The last error that I encountered was when I tried to connect to the db:
psql -h 88.222.333.11 -p 5432 -U username db_name -W
> password
was
psql: error: connection to server at "88.222.333.11", port 5432 failed: FATAL: no pg_hba.conf entry for host "105.222.22.222", user "blabla", database "foobar", SSL encryption
connection to server at "88.222.333.11", port 5432 failed: FATAL: no pg_hba.conf entry for host "105.222.22.222", user "blabla", database "foobar", no encryption
This error occurs when you have not configured your pg_hba.conf to accept traffic from the device that you are working on. This can be solved by adding an entry to the pg_hba.conf file.
Open the file
sudo nano /etc/postgresql/14/main/pg_hba.conf
and add an entry for your device at the end of the file
# TYPE DATABASE USER ADDRESS METHOD
host all all 105.222.22.222/32 md5
then remember to restart your postgres sudo /etc/init.d/postgresql restart.
Something else to look out for is when adding an IP remember to append the /32 for it to match a specific IP for good security. Also, remember to add an ingress rule in your network security configuration to allow traffic from your device
答案4
得分: -1
sudo ufw allow 5432
尝试这个命令,它解决了我的问题。
英文:
sudo ufw allow 5432
try this command, it solves my problem
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论