How to configure PostgreSQL to accept specific IPV6 incoming connection - linux

I'm trying to connect to my remote DB from inside Intellij.
So I think I need to be in pg_hba.conf
I have my IPV4 local connections:
host all all my.IP.V4.ip/32 md5
Question: beneath this is a line to configure IPV6, I have the address but I don't know what exactly to put for the IPV6 line after the "/"? Do I even need the slash?
host all all 1:2:3:4:5:6:7:8/??? md5
UPDATE: Hmm, so I have...
host all all xxxx:xxxx:xxxx:ccc:xxxx:xxxx:xxxx/128 trust
...and my db client (intellij) is still asking for a username / password.
user:postgres....pass:none....is still failing
thanks in advance

pg_hba.conf takes CIDR addresses, so yes, just like with an IPv4 address you'll need the slash and the number behind it.
If you want to narrow the permissible connection down to one specific host you'll want to specify a /128.
host all all 1:2:3:4:5:6:7:8/128 md5

Related

logstash http-poller input force ipv6 usage?

I would like to force the http_poller to use ipv6 first prior to ipv4.
The host running logstash is dual stacked and the target host also.
The issue lies in the ACL on the target host only accepting requests from the IPv6 addresses on the vhost configured.
curl works, as it defaults to IPv6 first if dual stacked and IPv6 addresses are returned by DNS (but also IPv4).
When in touch with the supplier of the endpoint, it seemed that we are going over IPv4 when using the http_poller input from logstash instead of IPv6. I see no options in the plugin to force IPv6, and the supplier is not going to change its DNS, nor allow our IPv4 address.
I know that I could create a workaround with having an exec input that handles the request, but I consider this only as a last resort.
Does anyone have an idea on how to solve it?
Update: I already looked into the info of manticore http client, but did not find a solution there (thanks Badger for reminding me to share the fact that I already looked into this)

how to fix no pg_hba.conf entry for host "::1"

I'm standing up a new application and having some issues with host-based authentication. I know there are other posts out there (especially this one) but nothing I try seems to work.
My error:
no pg_hba.conf entry for host "::1", user "root", database "db_name_here", SSL off
My pg_hba.conf file looks like:
# TYPE DATABASE USER ADDRESS METHOD
local all all peer map=usermap
local replication all peer map=usermap
hostssl all all all md5
host replication all all md5
I have a note to myself from the past where I said the following worked:
host db_name_here root ::1 trust
But it doesn't.
I've even tried:
all all all all trust
even that didn't work, same error.
I've read the PostgreSQL docs, and while they helped explain what was going on (and made me try hostnossl, to no avail), I'm still getting the same error.
Do you see my mistake?
Your pg_hba.conf entry is missing the netmask; a plain IP address is a syntax error. This one should work:
host db_name_here root ::1/128 trust
Don't use trust for anything but tests. As soon as you get that to work, replace it with a real authentication method like scram-sha-256.
Make sure you reload the database with
pg_ctl -D /path/to/datadir reload
and check the log file for errors (that is important, as a syntactically wrong file won't be loaded).
The alternative is to enable SSL on the server side and use it for the local connection.
The fastest way to connect would be via Unix sockets (if you are not on Windows or use the JDBC driver), perhaps that is the best thing to do.
Have you tried allowing IPv6 localhost separately, like this:
# TYPE DATABASE USER ADDRESS METHOD
host all all ::1/128 trust
Add sslmode=Require; and Trust Server Certificate=true; in your connection string. It will work for sure.
In my case, the DB is hosted on a different server and we get access credentials for the DB server. So, I only had to use sslmode:require while creating the connection string, like this
dbURI := fmt.Sprintf("sslmode=require host=%s port=%s user=%s dbname=%s password=%s", dbHost, dbPort, username, dbName, password)
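// Do not log dbURI itself: it contains the password.
log.Printf("Connecting to Postgres at %s:%s as user %s", dbHost, dbPort, username)
conn, err := gorm.Open("postgres", dbURI)
if err != nil {
	log.Fatalf("Postgres connection failed: %v", err)
}
return conn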

Can't access to postgreSQL server

I'm having trouble: I can't connect to my database using the IP address. It works fine when I access it locally, but the problem is the other PC can't connect to my server. I've been using PostgreSQL v11 and Navicat v12. Is there any permission to set up on my device so that the other devices can access my database? It would be great if anybody could figure out where I am doing something wrong. Thank you so much in advance.
You have to change the host settings of the database to access it from a foreign IP
I would look at two things if connections from remote hosts are being rejected.
First what is the value of the parameter listen_addresses in the postgresql.conf file? If it is set to:
listen_addresses='localhost'
It will allow only local loopback connections. Change this (for example to listen on all interfaces) to:
listen_addresses='*'
Next, check the pg_hba.conf file has a rule to allow connections from your remote client. By default PostgreSQL will refuse these remote connections and they must be whitelisted. The following example entry would allow any user to connect to any database from 192.168.1.2 and they must supply the password
host all all 192.168.1.2/32 md5
Check out the official PostgreSQL docs for this at:
https://www.postgresql.org/docs/11/auth-pg-hba-conf.html

Modify pg_hba.conf file to allow me access

I keep getting an error when trying to connect to psql database, "connection closed by remote host". I have tried modifying the pg_hba.conf file to allow the IP of my computer to have access, but I still get the same error, what am I doing wrong? Do I have to restart the server or something?
host all all <ip>/32 md5
As well, I have seen /24 instead of /32, how do I know which number to use?
The notation "/32" refers to a single IP address whereas the notation "192.168.1.0/24" refers to all addresses on the 192.168.1.x network.
And yes, you will probably have to do an SQL restart, something like:
service postmaster restart
But make sure your IP address is restrictive so that hackers won't be visiting your database all day. Use "localhost" if you can (127.0.0.1).
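The rules the answers above give for pg_hba.conf (an address needs its CIDR mask, /128 or /32 for one host, and trust is for tests only) can be checked mechanically. The following is an added example, not code from any of the posts; the function name `audit` and the sample file, including the documentation address 2001:db8::10, are constructed for illustration.

```python
import ipaddress
# Constructed sample, modelled on the entries quoted in the threads above.
SAMPLE = """\
# TYPE DATABASE USER ADDRESS METHOD
local all all peer map=usermap
host all all 2001:db8::10/128 md5
host db_name_here root ::1 trust
host all all ::1/128 trust
host all all 192.168.1.0/24 trust
hostssl all all all md5
"""
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def audit(conf):
    """Return (line_number, finding) pairs for the text of a pg_hba.conf."""
    out = []
    for no, raw in enumerate(conf.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in HOST_TYPES:
            continue  # comment, blank, or 'local' line (no address column)
        addr, method, net, loopback = f[3], f[4], None, False
        if "/" in addr:
            try:
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                out.append((no, f"invalid CIDR address {addr}"))
                continue
            loopback = net.is_loopback
        elif _ip(addr) is not None:
            if len(f) < 6 or _ip(f[4]) is None:  # no netmask column either
                out.append((no, f"bare IP {addr}: append /{_ip(addr).max_prefixlen} for a single host"))
                continue
            method, loopback = f[5], _ip(addr).is_loopback  # netmask-column form
        if method == "trust" and loopback:
            out.append((no, "trust on loopback: any local user can log in as any role"))
        elif method == "trust":
            out.append((no, f"trust for {addr}, which is not limited to loopback"))
        if addr == "all" or (net is not None and net.prefixlen == 0):
            out.append((no, "matches every client address"))
    return out

if __name__ == "__main__":
    print("\n".join(f"line {n}: {msg}" for n, msg in audit(SAMPLE)))
```

A clean result only means the file passes these checks; the server still has to reload it, and its log remains the authority on whether the file was accepted.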

DNS Server Refusing Connection

I am implementing a DNS client, in which I try to connect to a local DNS server, but the DNS server is returning the message with an error code 5, which means that it's refusing the connection.
Any thoughts on why this might be happening? Thanks
DNS response error code 5 ("Refused") doesn't mean that the connection to the DNS server is refused.
It means that the DNS server refuses to provide whatever data you asked for, or to do whatever action you asked it to do (for example a dynamic update).
Since you mention a "connection", I assume that you are using TCP?
DNS primarily uses UDP, and some DNS servers will refuse all requests over TCP.
So the solution might be as simple as switching to UDP.
Otherwise, assuming you are building your own DNS client from scratch, my first guess would be that you are formatting the request incorrectly. Even though the DNS protocol seems fairly simple, it is very easy to get this wrong.
Finally, the DNS server may of course simply be configured to refuse requests for whatever you are asking.
Explicitly adding the network from which I wanted to allow-recursion fixed this problem for me.
These two lines added to /etc/bind/named.conf.options:
recursion yes;
allow-recursion { 10.2.0.0/16; };
Policy enforcement?
The DNS server could be configured to accept only connections from certain hosts.
Hmm, if you're able to access StackOverflow you have a working DNS server SOMEwhere. Try doing
host -v stackoverflow.com
and look for messages like
Received 50 bytes from 192.168.1.1#53 in 75 ms
then pick the address out of that line and use THAT as your DNS - it's obviously willing to talk to you.
If you're on Windows, use NSLOOKUP for the same purpose. Your name server's address will be SOMEwhere in the output.
EDIT:
When I'm stuck for a DNS server, I use the one whose address I can remember most easily: 4.2.2.2 . See how that works for you.
You might try monitoring the conversation using WireShark. It can also decode the packets for you, which might help you determine if your client's packets are correctly encoded. Just filter on port 53 (DNS) to limit the packets captured by the trace.
Also, make sure you're using UDP and not TCP for queries; TCP should be used primarily for zone transfers, not queries.
