连接到远程 Linux 服务器上的 PSQL 时出现问题

huangapple go评论67阅读模式
英文:

Problems Connecting to Remote PSQL on Linux Server

问题

我有一个安装了PSQL(psql(15.2(Ubuntu 15.2-1.pgdg22.04+1)))的Linux服务器。这是在Oracle Cloud上安装的。

我尝试使用以下命令连接:

psql -h 129.213.17.88 -p 5432 -d breedingdb -U postgres

其中129.213.17.88是Oracle服务器的公共IP。

错误信息:

psql: error: connection to server at "129.213.17.88", port 5432 failed: No route to host
	Is the server running on that host and accepting TCP/IP connections?

sudo systemctl status postgresql

我已经更改了postgresql.conf,包括:

listen_addresses = '*'
port = 5432

我已经更改了pg_hba.conf,包括:

host    all             all             0.0.0.0/0                md5
host    all             all             ::1/128                  md5

之后运行sudo systemctl restart postgresql

Oracle Cloud的入站规则

netstat -an | grep -i listen
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::5432                 :::*                    LISTEN

我在本地没有连接问题。

sudo nmap -sS 129.213.17.88 -p 5432

Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-22 18:19 UTC
Nmap scan report for 129.213.17.88
Host is up (0.00042s latency).

PORT     STATE  SERVICE
5432/tcp closed postgresql

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

ping 129.213.17.88

PING 129.213.17.88 (129.213.17.88) 56(84) bytes of data.
64 bytes from 129.213.17.88: icmp_seq=1 ttl=63 time=0.508 ms
64 bytes from 129.213.17.88: icmp_seq=2 ttl=63 time=0.498 ms
64 bytes from 129.213.17.88: icmp_seq=3 ttl=63 time=0.483 ms
^C
--- 129.213.17.88 ping statistics --- 
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
英文:

I have a linux server with PSQL installed (psql (15.2 (Ubuntu 15.2-1.pgdg22.04+1))). This is installed on Oracle Cloud.

I am trying to connect using the command

psql -h 129.213.17.88 -p 5432 -d breedingdb -U postgres

Where 129.213.17.88 is the public IP of the server in Oracle.

Error message:

psql: error: connection to server at "129.213.17.88", port 5432 failed: No route to host
	Is the server running on that host and accepting TCP/IP connections?

sudo systemctl status postgresql

I have changed postgresql.conf to include:

listen_addresses = '*'
port = 5432

I have changed pg_hba.conf to include:

host    all             all             0.0.0.0/0                md5
host    all             all             ::1/128                  md5

After that sudo systemctl restart postgresql

inbound rules on Oracle cloud

netstat -an | grep -i listen
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::111                  :::*                    LISTEN     
tcp6       0      0 :::5432                 :::*                    LISTEN

I have no problems connecting
locally

sudo nmap -sS 129.213.17.88 -p 5432

Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-22 18:19 UTC
Nmap scan report for 129.213.17.88
Host is up (0.00042s latency).

PORT     STATE  SERVICE
5432/tcp closed postgresql

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

ping 129.213.17.88

PING 129.213.17.88 (129.213.17.88) 56(84) bytes of data.
64 bytes from 129.213.17.88: icmp_seq=1 ttl=63 time=0.508 ms
64 bytes from 129.213.17.88: icmp_seq=2 ttl=63 time=0.498 ms
64 bytes from 129.213.17.88: icmp_seq=3 ttl=63 time=0.483 ms
^C
--- 129.213.17.88 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms

答案1

得分: 0

OCI支持团队已经与我进行了通话,并能够为我提供解决方案。

如问题所示,之前在OCI(入站规则)中已经进行了允许连接到端口5432的网络级别更改。

我错过了防火墙级别的更改:

编辑/etc/iptables/rules.v4

在其中添加以下行,其中5432是PSQL端口:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT

保存并退出

然后,我们需要重新启动iptables netfilter-persistent restart 来查看是否应用了规则:

iptables -L

应该显示如下:

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:postgresql

我必须提醒这是不安全的。请自行承担风险。这对我的目的有效。

然后使用以下命令psql -h ip_address -d dbname -U username -W 来连接到一个受密码保护的远程数据库。

我尝试使用私有IP和公共IP进行连接,它们都可以工作。这两个实例都位于同一个VCN中。

成功连接到breedingdb:
连接到远程 Linux 服务器上的 PSQL 时出现问题

英文:

OCI support team has jump into a call with me and they were able to provide me with the solution.

As shown in the question, network level changes to allow connection to port 5432 were made previously in OCI (inbound rules).

I was missing changes at the firewall level:

Edit /etc/iptables/rules.v4

Add the following line where 5432 is PSQL port:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT

Save and Exit

Then, we need to restart iptables netfilter-persistent restart
To see if rules were applied:

iptables -L

It should have there:

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:postgresql

I have to mention this is unsecure. Do it at your own risk. It works for my purposes.

Then use the command psql -h ip_address -d dbname -U username -W to connect to a password protected remote database.

I tried connecting using the private and the public ip and they both work. Both intances were on the same VCN.

Successfully connected to breedingdb:
连接到远程 Linux 服务器上的 PSQL 时出现问题

答案2

得分: 0

你检查/添加了该端口的iptables规则吗?

https://blogs.oracle.com/developers/post/enabling-network-traffic-to-ubuntu-images-in-oracle-cloud-infrastructure

执行 sudo nmap -sS <private ip> -p 5432 命令时,端口是否显示为开放?

英文:

Did you check/add iptables rules for that port?

https://blogs.oracle.com/developers/post/enabling-network-traffic-to-ubuntu-images-in-oracle-cloud-infrastructure

Does sudo nmap -sS <private ip> -p 5432 show the port as open?

答案3

得分: 0

我遇到了类似的问题,并成功解决了它。在解决问题的过程中,我能够跟踪特定的错误、了解它们的原因以及这些错误的解决方法。首先,我安装了telnet来帮助我调试与服务器的连接。我运行了以下命令:

telnet <服务器IP,例如88.222.333.11> 5432

我遇到的一个错误是:

telnet: 无法连接到远程主机: 主机无法到达

当您未配置您的iptables以接受来自您正在使用的设备的流量时,会发生这个错误。可以通过向IP表添加一个条目来解决这个问题。

# 更新iptables并允许来自目标IP(例如105.222.22.222)的流量
sudo nano /etc/iptables/rules.v4
-A INPUT -p tcp -s 105.222.22.222/32 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT

# 对iptables进行更改生效
sudo iptables-restore < /etc/iptables/rules.v4
sudo iptables -L

我遇到的另一个错误是:

telnet: 无法连接到远程主机: 连接被拒绝

当您未配置postgresql.conf以接受来自您正在使用的设备的流量时,会发生这个错误。可以通过找到listen_addresses条目并将其设置为特定IP或使用通配符来接受来自任何设备的流量来解决这个问题。

打开postgresql.conf

sudo nano /etc/postgresql/14/main/postgresql.conf

并修改listen_addresses条目:

...
listen_addresses = '*'
...

我遇到的最后一个错误是在尝试连接到数据库时:

psql -h 88.222.333.11 -p 5432 -U username db_name -W
> 密码

出现以下错误:

psql: 错误: 连接到服务器失败:"88.222.333.11",端口5432: 致命错误: 未找到主机"105.222.22.222"的pg_hba.conf条目,用户"blabla",数据库"foobar",SSL加密
连接到服务器失败:"88.222.333.11",端口5432: 致命错误: 未找到主机"105.222.22.222"的pg_hba.conf条目,用户"blabla",数据库"foobar",没有加密

当您未配置pg_hba.conf以接受来自您正在使用的设备的流量时,会发生这个错误。可以通过向pg_hba.conf文件添加一个条目来解决这个问题。打开文件:

sudo nano /etc/postgresql/14/main/pg_hba.conf

并在文件末尾添加一个条目以允许您的设备连接:

# 类型  数据库        用户            地址                 方法
host    all             all             105.222.22.222/32       md5

然后别忘了重新启动您的PostgreSQL:sudo /etc/init.d/postgresql restart。还要注意,当添加IP时,请记得附加/32,以匹配特定IP以提高安全性。同时,请确保在网络安全配置中添加入口规则以允许来自您的设备的流量。

英文:

I had a similar problem and was able to solve it. In the process of solving it I was able to track specific errors, what caused them, and the solutions to those errors. First I installed telnet to help me debug connections to the server. I ran the following command:-

telnet &lt;server IP eg.88.222.333.11&gt; 5432

One of the errors that I encounter was

telnet: Unable to connect to remote host: No route to host

This error occurs when you have not configured your iptables to accept traffic from the device that you are working on. This can be solved by adding an entry to the IP Table

# update iptables and allow traffic from target IP eg. 105.222.22.222
sudo nano /etc/iptables/rules.v4
-A INPUT -p tcp -s 105.222.22.222/32 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT

# effect change to the iptables
sudo iptables-restore &lt; /etc/iptables/rules.v4
sudo iptables -L

The other error that I encountered is

telnet: Unable to connect to remote host: Connection refused

This error occurs when you have not configured your postgresql.conf to listen for traffic from the device that you are working on. This can be solved by finding the listen_addresses entry and set to a specific IP or using a wildcard to listen for traffic from any device.

open the postgresql.conf

sudo nano /etc/postgresql/14/main/postgresql.conf

and modify the listen_addresses entry

...
listen_addresses = &#39;*&#39;
...

The last error that I encountered was when I tried to connect to the db:

psql -h 88.222.333.11 -p 5432 -U username db_name -W
&gt; password

was

psql: error: connection to server at &quot;88.222.333.11&quot;, port 5432 failed: FATAL:  no pg_hba.conf entry for host &quot;105.222.22.222&quot;, user &quot;blabla&quot;, database &quot;foobar&quot;, SSL encryption
connection to server at &quot;88.222.333.11&quot;, port 5432 failed: FATAL:  no pg_hba.conf entry for host &quot;105.222.22.222&quot;, user &quot;blabla&quot;, database &quot;foobar&quot;, no encryption

This error occurs when you have not configured your pg_hba.conf to accept traffic from the device that you are working on. This can be solved by adding an entry to the pg_hba.conf file.
Open the file

sudo nano /etc/postgresql/14/main/pg_hba.conf

and add an entry for your device at the end of the file

# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    all             all             105.222.22.222/32       md5

then remember to restart your postgres sudo /etc/init.d/postgresql restart.

Something else to look out for is when adding an IP remember to append the /32 for it to match a specific IP for good security. Also, remember to add an ingress rule in your network security configuration to allow traffic from your device

答案4

得分: -1

sudo ufw allow 5432

尝试这个命令,它解决了我的问题。

英文:

sudo ufw allow 5432

try this command, it solves my problem

huangapple
  • 本文由 发表于 2023年2月18日 02:13:07
  • 转载请务必保留本文链接:https://go.coder-hub.com/75487905.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定