Re: [GENERAL] How to configure for remote TCP/IP client conncections using MS Visual Basic OLE DB calls and PostgreSQL dll's?

Wed, 09 Mar 2011 10:56:30 -0800 

On 03/09/2011 09:54 AM, John Edens wrote:


------------


Using * should be fine unless you have multiple IP addresses and want 
the *server* to *listen* on only some of those addresses - say 
localhost if you were running web and db on the same machine and 
didn't want to listen to connections from the outside. This setting 
only determines where the server listens.


-------------


Okay, done that - what is the difference between  listening on only 
some of those addresses and allowing only clients in a certain range 
to connect?




They are completely different.


Your server can have multiple IP addresses. In fact, it almost certainly 
has an IP assigned to your NIC and a localhost address. But you could 
have multiple NICs in the machine and/or multiple IP addresses assigned 
to each NIC. This is very common - especially for web servers hosting 
several sites on different addresses. The addresses can be on different 
networks, as well.



Suppose your server has addresses 10.1.1.2, 10.1.1.3 and 192.168.1.4. If 
listen_addresses is set to *, a client could connect to PostgreSQL by 
connecting to any of those addresses - i.e. the host in their connection 
string could be any of the addresses you listen on. If that is not what 
you want, you need to explicitly list the addresses you want PostgreSQL 
to use.



Now that you are listening on one or more addresses, the pg_hba.conf 
determines who is allowed to connect. It is completely independent of 
where you listen. It could include all IP addresses, or one or more 
individual IPs or IP ranges. And the IP addresses allowed for clients do 
not need to overlap your listen_address or be on the same IP network.



By way of example, you could have three independent instances of 
PostgreSQL running on your machine - perhaps one for dev, one for QA and 
one for deployment-staging. You could have dev listen only on .2, QA on 
.3 and deploy on .4. You could even have a 4th, say "sandbox", listening 
on all (though it would have to have a different port). And each one of 
those instances could have different pg_hba.conf settings to restrict 
client access as appropriate.


Cheers,
Steve























					Reply via email to