Connect to Postgres remotely, open port 5432 for Postgres in iptables
I am trying to connect to Postgres remotely but I need to open port 5432 in iptables. My current iptables configuration is as follows:
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
#
# THE --dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
What would I have to add in iptables to open the port? I'm trying to install phppgadmin on a different server to access the postgres database.
Thank you.
Before the "log iptables denied" and "reject all other inbound" commands you'd add
-A INPUT -p tcp --dport 5432 -s xxx.xxx.xxx.xxx -j ACCEPT
Where xxx.xxx.xxx.xxx is the IP of the server you're connecting from so you're not opening postgres up to the world.
At any point in the config, so long as it is before the log and default rejection, add the line:
-A INPUT -s $SOURCE -p tcp --dport 5432 -j ACCEPT
This permits connections on the INPUT chain from an IP address or network block, in CIDR notation, limited to TCP connections on the given port.
Setting a properly restricted source is very important since you should not allow database connections globally.
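Both answers come down to the same two points: the ACCEPT must sit above the LOG and catch-all REJECT rules, and the source must be narrower than the whole internet. The script below is an added example, not code from either answer or from the asker's server; it rewrites a constructed copy of the question's ruleset and refuses a wide-open source, and the 192.0.2.x addresses are placeholders for the phpPgAdmin host.

```shell
#!/bin/sh
# Added example (not from the original question or answers): insert an
# "allow PostgreSQL from one host" rule into an iptables-restore ruleset,
# before the LOG and catch-all REJECT rules, and refuse a wide-open source.
# Constructed stand-in for the question's ruleset (trimmed to the relevant rules).
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
EOF
}
# add_pg_rule SOURCE  (ruleset on stdin, amended ruleset on stdout)
add_pg_rule() {
    src=$1
    # Refuse a wide-open source: the answers stress not exposing 5432 globally.
    case "$src" in
        */0|0.0.0.0) echo "refusing to open 5432 to the world" >&2; return 1 ;;
    esac
    printf '%s\n' "$src" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
        || { echo "invalid IPv4 address or CIDR block: $src" >&2; return 1; }
    # Insert the ACCEPT immediately before the first LOG rule in INPUT; a rule
    # appended after "-A INPUT -j REJECT" would never be reached.
    awk -v src="$src" '
        !done && /^-A INPUT .*-j LOG/ {
            print "# Allows PostgreSQL only from the phpPgAdmin host"
            print "-A INPUT -p tcp --dport 5432 -s " src " -j ACCEPT"
            done = 1
        }
        { print }
        END { if (!done) exit 2 }   # no LOG rule found: fail instead of guessing
    '
}
# Returns 0 when the 5432 ACCEPT ends up above the INPUT catch-all REJECT.
check_order() {
    out=$(sample_rules | add_pg_rule "$1") || return 1
    accept=$(printf '%s\n' "$out" | grep -n -- '--dport 5432 ' | cut -d: -f1)
    reject=$(printf '%s\n' "$out" | grep -n -- '^-A INPUT -j REJECT' | cut -d: -f1)
    [ -n "$accept" ] && [ -n "$reject" ] && [ "$accept" -lt "$reject" ]
}
# Stand-alone run: show the amended ruleset for a constructed client address.
sample_rules | add_pg_rule 192.0.2.10
```

Feed the real file in on stdin and redirect stdout to a new file for iptables-restore; the script never touches the live firewall itself.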