How to configure postgresql postgresql.conf listen_addresses for multiple ip addresses [closed]
I can connect just fine to a remote postgresql server that has connection restrictions to a few IPs in the pg_hba.conf, but is this enough if you have listen_addresses
set to "*"
in the postgresql.conf file?
That files indicates that that parameter can take a comma separated list of ip addresses, but if i do that, I lose the ability to connect remotely.
postgresql-8.4.9 rhel
Solution 1:
listen_addresses controls which IPs the server will answer on, not which IPs the server will permit connections to authenticate from. It's entirely reasonable and normal to use listen_addresses '*'
so the server will accept incoming connections on any ip assigned to an interface on the postgresql server host, while using pg_hba.conf to control access at a finer grained level for which IPs the server will accept logins from for specific databases and users.
Solution 2:
Setting listen_addresses to '*' is normal, as dbenhur points out. Also you can use tools such as iptables to deny access to the port apart from certain remote IPs. You can even do both: redundancy in security is not necessarily a bad thing (although, relying on IP address security isn't so good).