Cannot get PostgreSQL 9.4 to listen on port 5432

Time: 2017-03-08 18:08:55

Tags: linux postgresql ubuntu firewall ports

I am using a Linux VM (Ubuntu 15.10) to run a Postgres database, and as far as I can tell everything should be configured correctly.

My firewall is deactivated:

user@UBUNTUMACHINE:~$ sudo ufw status numbered
Status: inactive

But it is only listening on port 22:

user@UBUNTUMACHINE:~$ netstat -an | grep "LISTEN "
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

If I enable the firewall and tell it to listen on 5432, it shows up in the rules:

user@UBUNTUMACHINE:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    Anywhere
5432                       ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
5432/tcp (v6)              ALLOW IN    Anywhere (v6)
5432 (v6)                  ALLOW IN    Anywhere (v6)

But I get the same results from netstat.

As far as I have researched this problem, I have the correct values in the postgresql.conf file:

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*'          # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
port = 5432                             # (change requires restart)

And I have tried both trusted IP ranges and specific IPs in the pg_hba.conf file.

# Database administrative login by Unix domain socket
local   all             postgres                                ident sameuser

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                               peer
#host    replication     postgres        127.0.0.1/32           md5
#host    replication     postgres        ::1/128                md5

host   all              all              10.0.0.0/255           trust
host   all              all              10.11.0.0/255          trust
host   all              all              0.0.0.0/0              trust

Finally, Postgres is running, according to:

user@UBUNTUMACHINE:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
   Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
   Active: active (exited) since Wed 2017-03-08 11:09:57 CST; 57min ago
  Process: 787 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 787 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/postgresql.service

Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Starting PostgreSQL RDBMS...
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:21 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:26 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.

1 answer:

Answer 0 (score: 1)

  • The log tells me: invalid CIDR mask in address 10.0.0.0/255
  • 255 is probably larger than 32

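Postgres refuses to start because the netmask /255 that it rejects is larger than the number of bits possible in a (32-bit) IP address. You could consider this a bit picky of the .hba parser, but you could also consider it a configuration error.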

In any case: replace the /255 with something sensible, such as /24 (or /16, since you have two entries), and: replace trust with something safer once it appears to work.
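
An added example (not part of the original answer): a small Python check for the two problems the answer points at in a pg_hba.conf, a CIDR mask longer than the address has bits and trust on non-loopback ranges. The name check_hba and the sample text (constructed from the records in the question) are assumptions for illustration.

```python
import ipaddress

# Constructed sample: one local record plus the host records from the
# question's pg_hba.conf.
SAMPLE_HBA = """\
local   all   all                      md5
host    all   all   127.0.0.1/32       md5
host    all   all   ::1/128            md5
host    all   all   10.0.0.0/255       trust
host    all   all   10.11.0.0/255      trust
host    all   all   0.0.0.0/0          trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def check_hba(text):
    """Hypothetical helper: return (line_no, severity, message) findings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Simplification: strips '#' comments without handling quoted fields.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        address, method = fields[3], fields[4]
        if "/" not in address:
            continue  # host names, keywords and the IP + mask form are not checked
        ip_text, _, prefix = address.partition("/")
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((no, "error", f"invalid IP address in {address}"))
            continue
        # The mask length cannot exceed the address width (32 for IPv4, 128 for IPv6).
        if not (prefix.isascii() and prefix.isdigit()) or int(prefix) > ip.max_prefixlen:
            findings.append((no, "error",
                             f"invalid CIDR mask in address {address} (max /{ip.max_prefixlen})"))
            continue
        net = ipaddress.ip_network(address, strict=False)
        if method == "trust" and not net.is_loopback:
            findings.append((no, "warn",
                             f"trust (no password) for all {net.num_addresses} addresses in {net}"))
    return findings


if __name__ == "__main__":
    for no, severity, message in check_hba(SAMPLE_HBA):
        print(f"line {no}: {severity}: {message}")
```

Running such a check before restarting the service catches the mask error that otherwise only shows up in the PostgreSQL log.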