Develop Reference

Problems Connecting to Remote PSQL on Linux Server

I have a linux server with PSQL installed (psql (15.2 (Ubuntu 15.2-1.pgdg22.04+1))). This is installed on Oracle Cloud.
I am trying to connect using the command
psql -h 129.213.17.88 -p 5432 -d breedingdb -U postgres
Where 129.213.17.88 is the public IP of the server in Oracle.
Error message:
psql: error: connection to server at "129.213.17.88", port 5432 failed: No route to host
Is the server running on that host and accepting TCP/IP connections?
sudo ufw status
5432 ALLOW Anywhere
5432/tcp ALLOW Anywhere
5432 (v6) ALLOW Anywhere (v6)
5432/tcp (v6) ALLOW Anywhere (v6)
sudo systemctl status postgresql
I have changed postgresql.conf to include:
listen_addresses = '*'
port = 5432
I have changed pg_hba.conf to include:
host all all 0.0.0.0/0 md5
host all all ::1/128 md5
After that sudo systemctl restart postgresql
inbound rules on Oracle cloud
sudo netstat -plunt |grep postgres
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 41326/postgres
tcp6 0 0 :::5432 :::* LISTEN 41326/postgres
I have no problems connecting
locally
sudo nmap -sS 129.213.17.88 -p 5432
Starting Nmap 7.80 ( https://nmap.org ) at 2023-02-18 00:14 UTC
Nmap scan report for 129.213.17.88
Host is up (0.00045s latency).
PORT STATE SERVICE
5432/tcp filtered postgresql
Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

ufw firewall in GCP

I've a VM in Google Cloud and I'm trying to connect to it over TCP port 8890.
I've already set the Firewall rules in GCP so the problem in on VM firewall.
I'm using Debian 10 as OS and I've installed ufw. The output of ufw status command is:
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
2222 ALLOW Anywhere
21 ALLOW Anywhere
Nginx Full ALLOW Anywhere
21/tcp ALLOW Anywhere
49152:65535/tcp ALLOW Anywhere
5432 ALLOW Anywhere
8890 ALLOW Anywhere
8890/tcp ALLOW Anywhere
8890/udp ALLOW Anywhere
Anywhere ALLOW 127.0.0.1
22/tcp (v6) ALLOW Anywhere (v6)
2222 (v6) ALLOW Anywhere (v6)
21 (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
21/tcp (v6) ALLOW Anywhere (v6)
49152:65535/tcp (v6) ALLOW Anywhere (v6)
5432 (v6) ALLOW Anywhere (v6)
8890 (v6) ALLOW Anywhere (v6)
8890/tcp (v6) ALLOW Anywhere (v6)
8890/udp (v6) ALLOW Anywhere (v6)
but if try to telnet localhost 8890 :
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
the output of netstat -tulpn | grep LISTEN command is:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 614/nginx: master p
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 607/sshd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 561/postgres
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 614/nginx: master p
tcp6 0 0 :::80 :::* LISTEN 614/nginx: master p
tcp6 0 0 :::21 :::* LISTEN 433/vsftpd
tcp6 0 0 :::22 :::* LISTEN 607/sshd
tcp6 0 0 :::5432 :::* LISTEN 561/postgres
tcp6 0 0 :::443 :::* LISTEN 614/nginx: master p

That's the log JSON from Google Cloud:
{
insertId: "1m9sozhg3119gk8"
jsonPayload: {
connection: {
dest_ip: "10.132.0.2"
dest_port: 8890
protocol: 6
src_ip: "194.158.251.129"
src_port: 61330
}
disposition: "ALLOWED"
instance: {
project_id: "quokka-319212"
region: "europe-west1"
vm_name: "mkb-quokka"
zone: "europe-west1-b"
}
remote_location: {
continent: "Europe"
country: "che"
region: "Ticino"
}
rule_details: {
action: "ALLOW"
direction: "INGRESS"
ip_port_info: [
0: {
ip_protocol: "TCP"
port_range: [
0: "8890"
]
}
]
priority: 100
reference: "network:default/firewall:port-8890"
source_range: [
0: "0.0.0.0/0"
]
}
vpc: {
project_id: "quokka-319212"
subnetwork_name: "default"
vpc_name: "default"
}
}
logName: "projects/quokka-319212/logs/compute.googleapis.com%2Ffirewall"
receiveTimestamp: "2021-08-11T12:54:47.345480725Z"
resource: {
labels: {
location: "europe-west1-b"
project_id: "quokka-319212"
subnetwork_id: "4380110765229239135"
subnetwork_name: "default"
}
type: "gce_subnetwork"
}
timestamp: "2021-08-11T12:54:41.981790820Z"
}
And that confirm the problem is on the istance and not in Google Cloud firewall

This is expected behavior. In order to see
tcp 0 0 0.0.0.0:8890 0.0.0.0:*
Do the following
1 apt-get install python # install python
2 python -m SimpleHTTPServer 8890 # server listening on port 8890
3 Open a new window #wheel top right corner > new connection to instance
4 netstat -tulpn | grep LISTEN
Reason:
netstat will only show the port if a service or other program is actually listening for incoming connections on that port.

Unable to get PostgreSQL 9.4 to listen on port 5432

I'm using a Linux VM (Ubuntu 15.10) to spin up a Postgres Database, and as far as I can tell, everything should be configured right.
My firewall is disabled:
user#UBUNTUMACHINE:~$ sudo ufw status numbered Status: inactive
But it's only listening on port 22
user#UBUNTUMACHINE:~$ netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
If I enable the firewall, and tell it to listen to 5432, it shows up in the rules:
user#UBUNTUMACHINE:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
5432/tcp ALLOW IN Anywhere
5432 ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
5432/tcp (v6) ALLOW IN Anywhere (v6)
5432 (v6) ALLOW IN Anywhere (v6)
But I get the same results as above for netstat.
As far as I can tell from researching the issue, I have the correct values in my postgresql.conf file:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
and I've tried both IP ranges and specific IPs as trusted in the pg_hba.conf file.
# Database administrative login by Unix domain socket
local all postgres ident sameuser
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
host all all 10.0.0.0/255 trust
host all all 10.11.0.0/255 trust
host all all 0.0.0.0/0 trust
Lastly, Postgres is running, per
user#UBUNTUMACHINE:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2017-03-08 11:09:57 CST; 57min ago
Process: 787 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 787 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/postgresql.service
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Starting PostgreSQL RDBMS...
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:21 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:26 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.

The log is telling me invalid CIDR mask in address 10.0.0.0/255
:: 255 might be larger than 32
Postgres refuses to start, because it refuses the netmask /255 which islarger than the possible number of bits in the (32 bits) IP-address. You could consider this to be a bit picky for the .hba parser, but it could also be considerered a configuration error.
In any case: replace the /255 by something sensible, like /24 (or /16, since you have two of these entries) And: replace the trust by something more safe, after it appears to work.

How to open a port on linux (Debian jessie)

I have a process that I'm running on my local machine which is listening on TCP port 9000. I would like to consume on another computer of my network. Here is my configuration:
I would like to see it when I run nmap 10.18.12.12 but I don't know how.
nmap localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-20 13:49 ART
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00037s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 987 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
443/tcp open https
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
8000/tcp open http-alt
**9000/tcp open cslistener**
9001/tcp open tor-orport
9999/tcp open abyss
Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-20 13:45 ART
Nmap scan report for 10.18.12.12
Host is up (0.00073s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
3306/tcp open mysql

The service is bound to 127.0.0.1. You can see this without using Nmap; use netstat instead: netstat -tln will show all listening TCP ports. You should see something like this:
$ netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN
In this example, the service on port 21 (FTP) is listening on the special address 0.0.0.0 which means "any available address," but the service on port 9000 is bound to 127.0.0.1, which is a special address ("localhost" or "loopback") not accessible from the network.
Most services will have a way to specify which addresses or interfaces to listen on. Read the manual for the service you are interested in to determine how to change this.

nmap shows less ports open when it runs against ip other than localhost

I have a vm in vmware workstation, it's bridged network and DHCP. The IP assigned by DHCP server is 10.21.245.22. Here is my /etc/hosts looks like:
127.0.0.1 hadoop-namenode-01 localhost
I am running command A and B on the box itself.
Command A:
root#hadoop-namenode-01:~# nmap -sT -sU -p- localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-10 09:32 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00029s latency).
rDNS record for 127.0.0.1: hadoop-namenode-01
Not shown: 131058 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
631/tcp open ipp
8020/tcp open unknown
9000/tcp open cslistener
9001/tcp open tor-orport
50070/tcp open unknown
53/udp open|filtered domain
68/udp open|filtered dhcpc
123/udp open ntp
5353/udp open|filtered zeroconf
47982/udp open|filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 12.45 seconds
Command B:
root#hadoop-namenode-01:~# nmap -sT -sU -p- 10.21.245.22
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-10 09:28 PDT
Nmap scan report for wn7x64-3jql0q1.dub.emea.dell.com (10.21.245.22)
Host is up (0.00029s latency).
Not shown: 131065 closed ports
PORT STATE SERVICE
22/tcp open ssh
68/udp open|filtered dhcpc
123/udp open ntp
5353/udp open|filtered zeroconf
47982/udp open|filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 12.20 seconds
My question is :
since I have no firewall or anything like that blocking ports, why nmap shows more ports open when it's running against localhost while less ports are shown when it's running against the ip.

why nmap shows more ports open when it's running against localhost
while less ports are shown when it's running against the ip
Some applications decided to explicitly listen (bind actually) only on localhost, i.e. 127.0.0.1. You can do a netstat to check things out.

Most of system running process in Linux use loopback (127.0.0.1) ip address to communicate with each other. It doesn't require to send packet outside network.