Cannot connect to port 5432 locally even though it is allowed by UFW

I'm trying to set up my server so that port 5432 (Postgres) is accessible only from localhost. So I've denied everything, and added back port 5432; however, I cannot connect to it.

Here is my UFW config:

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
127.0.0.1 5432             ALLOW IN    127.0.0.1
22 (v6)                    ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)

80                         ALLOW OUT   Anywhere
22                         ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
33434:33524/udp            ALLOW OUT   Anywhere
127.0.0.1 5432             ALLOW OUT   127.0.0.1
80 (v6)                    ALLOW OUT   Anywhere (v6)
22 (v6)                    ALLOW OUT   Anywhere (v6)
443 (v6)                   ALLOW OUT   Anywhere (v6)
53 (v6)                    ALLOW OUT   Anywhere (v6)
33434:33524/udp (v6)       ALLOW OUT   Anywhere (v6)

And netstat:

$ netstat -an | grep "LISTEN "
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp6       0      0 :::55056                :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::5432                 :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN

Just to confirm, it's really ufw that prevents the connection, since if I disable it, it works fine. Any idea what I am missing?


From your netstat, we can see that there's only one mention of the port 5432 (namely, the tcp6 line listening on :::5432). This shows us that your program is only listening on IPv6. Your firewall only allows IPv4. There are two options: one is that you permit IPv6 address ::1 (which is the IPv6 localhost equivalent) to connect to that service in your firewall, and the other is to get your program to listen on IPv4. The best is probably to do both.
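
Added example (not part of the original question or answer): a shell check that automates the comparison the answer makes, reporting each address family that has a listener on a port but no matching `ALLOW IN` rule. The sample inputs are constructed from the outputs above, the function names are hypothetical, and the `::1 PORT` rule shape is assumed to mirror the `127.0.0.1 5432` line.

```shell
#!/bin/sh
# Constructed sample input, abridged from the outputs shown in the question.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::5432                 :::*                    LISTEN'
UFW_SAMPLE='22                         ALLOW IN    Anywhere
127.0.0.1 5432             ALLOW IN    127.0.0.1
22 (v6)                    ALLOW IN    Anywhere (v6)'

# Print the address families that have a LISTEN socket on port $1.
# Input: `netstat -an` text on stdin.
listener_families() {
    awk -v port="$1" '
        $NF == "LISTEN" && $4 ~ (":" port "$") { seen[$1 == "tcp6" ? "ipv6" : "ipv4"] = 1 }
        END { out = ""
              if ("ipv4" in seen) out = out "ipv4 "
              if ("ipv6" in seen) out = out "ipv6 "
              print out }'
}

# Print the families for which an ALLOW IN rule covers port $1.
# Input: `ufw status` text on stdin. Handles the rule shapes seen on this page:
# "PORT", "PORT (v6)" and "LOOPBACK_ADDR PORT" (the ::1 form is an assumption).
allowed_families() {
    awk -v port="$1" '
        !/ALLOW IN/ { next }
        { sub(/\/.*/, "", $1); sub(/\/.*/, "", $2) }    # drop "/tcp" style suffixes
        $1 == port && $2 == "(v6)"      { ok["ipv6"] = 1; next }
        $1 == port                      { ok["ipv4"] = 1; next }
        $1 == "127.0.0.1" && $2 == port { ok["ipv4"] = 1 }
        $1 == "::1" && $2 == port       { ok["ipv6"] = 1 }
        END { out = ""
              if ("ipv4" in ok) out = out "ipv4 "
              if ("ipv6" in ok) out = out "ipv6 "
              print out }'
}

# Print each family that listens on port $1 but has no ALLOW IN rule.
# $2 = netstat text, $3 = ufw status text.
uncovered_families() {
    listening=$(printf '%s\n' "$2" | listener_families "$1")
    allowed=$(printf '%s\n' "$3" | allowed_families "$1")
    for fam in $listening; do
        case " $allowed " in *" $fam "*) ;; *) printf '%s\n' "$fam" ;; esac
    done
}

uncovered_families 5432 "$NETSTAT_SAMPLE" "$UFW_SAMPLE"
```

On a live host, pass `"$(netstat -an)"` and `"$(sudo ufw status verbose)"` as the second and third arguments instead of the samples.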