weird network issue
This is a discussion on weird network issue within the pgsql Admins forums, part of the PostgreSQL category; --> Hi LIst; I have 2 Linux servers: 192.168.111.11 192.168.111.13 Both are running postgres v 8.2.6 I can ping the ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-10-2008, 09:19 AM
| ||||
| ||||
 weird network issue Hi LIst; I have 2 Linux servers: 192.168.111.11 192.168.111.13 Both are running postgres v 8.2.6 I can ping the .11 box from .13 and vice versa I can connect remotely from the .11 box to the .13 box but I cannot connect to the .11 box from the .13 box. I can do this: on the 192.168.111.11 box: -bash-3.1$ psql -h 192.168.111.13 Welcome to psql 8.2.6, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help with psql commands \g or terminate with semicolon to execute query \q to quit postgres=# However if I do this it fails: on the 192.168.111.13 box: -bash-3.1$ psql -h 192.168.111.11 postgres psql: could not connect to server: No route to host Is the server running on host "192.168.111.11" and accepting TCP/IP connections on port 5432? Both boxes have the same copy of the postgresql.conf file and the pg_hba.conf file. Here's the listen address setting (on the 192.168.111.11 box) from the postgresql.conf file: listen_addresses = '*' I also checked (after a restart) that the listen address and port was in fact as I thought on 192.168.111.11 : Welcome to psql 8.2.6, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help with psql commands \g or terminate with semicolon to execute query \q to quit postgres=# show listen_addresses; listen_addresses ------------------ * (1 row) postgres=# show port ; port ------ 5432 (1 row) postgres=# Here's the current pg_hba.conf file on 192.168.111.11 : # TYPE DATABASE USER CIDR-ADDRESS METHOD # "local" is for Unix domain socket connections only local all all ident sameuser # IPv4 local connections: host all all 127.0.0.1/32 ident sameuser # IPv6 local connections: host all all ::1/128 ident sameuser #DRW. This should be tighted up once the db instances are figured out host all all 192.168.111.0/24 trust I'm stumped.. Anyone have any thoughts ? Thanks in advance.      |
|
04-10-2008, 09:19 AM
| |||
| |||
| Re: weird network issue Not sure. I'm not so well versed in the firewall/networking areas. I can however do an scp pull from both machines : scp a file from 192.168.111.13 while logged onto 192.168.111.11 and scp a file from 192.168.111.11 while logged onto 192.168.111.13 Can you point me where to look for firewall/iptables/SE issues? Thanks in advance On Mar 28, 2008, at 10:45 AM, Jonathan Nalley wrote: > are you running any kind of firewall/iptables/SELinux where the > settings are perhaps not the same on the two machines? > > > From: pgsql-admin-owner@postgresql.org [mailto  gsql-admin-owner@postgresql.org> ] On Behalf Of kevin kempter > Sent: Friday, March 28, 2008 12:31 > To: pgsql-admin@postgresql.org > Subject: [ADMIN] weird network issue > > Hi LIst; > > I have 2 Linux servers: > 192.168.111.11 > 192.168.111.13 > > Both are running postgres v 8.2.6 > > I can ping the .11 box from .13 and vice versa > I can connect remotely from the .11 box to the .13 box but I cannot > connect to the .11 box from the .13 box. > > I can do this: > > on the 192.168.111.11 box: > > -bash-3.1$ psql -h 192.168.111.13 > Welcome to psql 8.2.6, the PostgreSQL interactive terminal. > > Type: \copyright for distribution terms > \h for help with SQL commands > \? for help with psql commands > \g or terminate with semicolon to execute query > \q to quit > > postgres=# > > However if I do this it fails: > > on the 192.168.111.13 box: > > -bash-3.1$ psql -h 192.168.111.11 postgres > psql: could not connect to server: No route to host > Is the server running on host "192.168.111.11" and accepting > TCP/IP connections on port 5432? > > > > Both boxes have the same copy of the postgresql.conf file and the > pg_hba.conf file. > > Here's the listen address setting (on the 192.168.111.11 box) from > the postgresql.conf file: > listen_addresses = '*' > > > I also checked (after a restart) that the listen address and port > was in fact as I thought > on 192.168.111.11 : > > > Welcome to psql 8.2.6, the PostgreSQL interactive terminal. > > Type: \copyright for distribution terms > \h for help with SQL commands > \? for help with psql commands > \g or terminate with semicolon to execute query > \q to quit > > postgres=# show listen_addresses; > listen_addresses > ------------------ > * > (1 row) > > postgres=# show port > ; > port > ------ > 5432 > (1 row) > > postgres=# > > > Here's the current pg_hba.conf file on 192.168.111.11 : > > > > # TYPE DATABASE USER CIDR-ADDRESS METHOD > > # "local" is for Unix domain socket connections only > local all all ident sameuser > # IPv4 local connections: > host all all 127.0.0.1/32 ident sameuser > # IPv6 local connections: > host all all ::1/128 ident sameuser > > #DRW. This should be tighted up once the db instances are figured out > host all all 192.168.111.0/24 trust > > > > I'm stumped.. > > Anyone have any thoughts ? > > Thanks in advance. > > -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin |
|
04-10-2008, 09:19 AM
| |||
| |||
| Re: weird network issue I'm not sure how to get the version however given the below listing of /boot/grub/grub.conf it's obviously Cent OS: #boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-8.1.6.el5) root (hd0,0) kernel /vmlinuz-2.6.18-8.1.6.el5 ro root=/dev/VolGroup00/ LogVol00 clock= pit noapic nolapic rhgb quiet initrd /initrd-2.6.18-8.1.6.el5.img title CentOS (2.6.18-8.el5) root (hd0,0) kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet initrd /initrd-2.6.18-8.el5.img I also did a uname -a: [root@db1 ~]# uname -a Linux vmsrv02.myclient.local 2.6.18-8.1.6.el5 #1 SMP Thu Jun 14 17:29:04 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux I ran the telnet command and got this: -bash-3.1$ telnet 192.168.111.11 5432 Trying 192.168.111.11... telnet: connect to address 192.168.111.11: No route to host telnet: Unable to connect to remote host: No route to host However a ping works: -bash-3.1$ ping 192.168.111.11 PING 192.168.111.11 (192.168.111.11) 56(84) bytes of data. 64 bytes from 192.168.111.11: icmp_seq=1 ttl=64 time=0.438 ms 64 bytes from 192.168.111.11: icmp_seq=2 ttl=64 time=0.168 ms 64 bytes from 192.168.111.11: icmp_seq=3 ttl=64 time=0.232 ms Thanks for the help... /Kevin [root@db1 ~]#On Mar 28, 2008, at 11:03 AM, Jonathan Nalley wrote: > Could you send us the distro and version of Linux that you're using > on these two boxes? > > Just as a sanity check and assuming you have a telnet client on the . > 13 box, can you perform the following command: > > telnet 192.168.111.11 5432 > > and then paste the output to us. I guess conceptually there's not a > whole lot of difference between doing that and using psql -h > 192.168.111.11 but it might eliminate some layer of issues. If > you're familiar with nmap or similar programs you can accomplish the > same thing to ping .11 on port 5432 > >> -----Original Message----- >> From: kevin kempter [mailto:kevin@kevinkempterllc.com] >> Sent: Friday, March 28, 2008 12:56 >> To: Jonathan Nalley >> Cc: 'pgsql-admin@postgresql.org' >> Subject: Re: [ADMIN] weird network issue >> >> Not sure. I'm not so well versed in the firewall/networking areas. I >> can however do an scp pull from both machines : >> >> scp a file from 192.168.111.13 while logged onto 192.168.111.11 >> and >> scp a file from 192.168.111.11 while logged onto 192.168.111.13 >> >> >> Can you point me where to look for firewall/iptables/SE issues? >> >> >> Thanks in advance >> >> >> >> >> >> On Mar 28, 2008, at 10:45 AM, Jonathan Nalley wrote: >> >>> are you running any kind of firewall/iptables/SELinux where the >>> settings are perhaps not the same on the two machines? >>> >>> >>> From: pgsql-admin-owner@postgresql.org [mailto gsql-admin->> owner@postgresql.org >>> ] On Behalf Of kevin kempter >>> Sent: Friday, March 28, 2008 12:31 >>> To: pgsql-admin@postgresql.org >>> Subject: [ADMIN] weird network issue >>> >>> Hi LIst; >>> >>> I have 2 Linux servers: >>> 192.168.111.11 >>> 192.168.111.13 >>> >>> Both are running postgres v 8.2.6 >>> >>> I can ping the .11 box from .13 and vice versa >>> I can connect remotely from the .11 box to the .13 box but I cannot >>> connect to the .11 box from the .13 box. >>> >>> I can do this: >>> >>> on the 192.168.111.11 box: >>> >>> -bash-3.1$ psql -h 192.168.111.13 >>> Welcome to psql 8.2.6, the PostgreSQL interactive terminal. >>> >>> Type: \copyright for distribution terms >>> \h for help with SQL commands >>> \? for help with psql commands >>> \g or terminate with semicolon to execute query >>> \q to quit >>> >>> postgres=# >>> >>> However if I do this it fails: >>> >>> on the 192.168.111.13 box: >>> >>> -bash-3.1$ psql -h 192.168.111.11 postgres >>> psql: could not connect to server: No route to host >>> Is the server running on host "192.168.111.11" and accepting >>> TCP/IP connections on port 5432? >>> >>> >>> >>> Both boxes have the same copy of the postgresql.conf file and the >>> pg_hba.conf file. >>> >>> Here's the listen address setting (on the 192.168.111.11 box) from >>> the postgresql.conf file: >>> listen_addresses = '*' >>> >>> >>> I also checked (after a restart) that the listen address and port >>> was in fact as I thought >>> on 192.168.111.11 : >>> >>> >>> Welcome to psql 8.2.6, the PostgreSQL interactive terminal. >>> >>> Type: \copyright for distribution terms >>> \h for help with SQL commands >>> \? for help with psql commands >>> \g or terminate with semicolon to execute query >>> \q to quit >>> >>> postgres=# show listen_addresses; >>> listen_addresses >>> ------------------ >>> * >>> (1 row) >>> >>> postgres=# show port >>> ; >>> port >>> ------ >>> 5432 >>> (1 row) >>> >>> postgres=# >>> >>> >>> Here's the current pg_hba.conf file on 192.168.111.11 : >>> >>> >>> >>> # TYPE DATABASE USER CIDR-ADDRESS METHOD >>> >>> # "local" is for Unix domain socket connections only >>> local all all ident sameuser >>> # IPv4 local connections: >>> host all all 127.0.0.1/32 ident sameuser >>> # IPv6 local connections: >>> host all all ::1/128 ident sameuser >>> >>> #DRW. This should be tighted up once the db instances are figured >> out >>> host all all 192.168.111.0/24 trust >>> >>> >>> >>> I'm stumped.. >>> >>> Anyone have any thoughts ? >>> >>> Thanks in advance. >>> >>> >> >> > > > -- > Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-admin |
|
04-10-2008, 09:19 AM
| |||
| |||
| Re: weird network issue kevin kempter wrote: >>> >>> Can you point me where to look for firewall/iptables/SE issues? >>> Start with the output of iptables -L on both machines (you may need to run that as root). Can every other machine connect to both servers? or is it just the one server that has a problem connecting to the other? -- Shane Ambler pgSQL (at) Sheeky (dot) Biz Get Sheeky @ http://Sheeky.Biz -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin |
|
04-10-2008, 09:19 AM
| |||
| |||
| Re: weird network issue I'm not sure who all can connect to this box, I have several clients with pgadmin III installed that cannot get to it. This is from the 192.168.111.11 box: [root@flux ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:syslog ACCEPT udp -- anywhere anywhere udp dpt:ntp ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:v mware-authd ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:a uth ACCEPT udp -- anywhere anywhere state NEW udp dpt:a uth ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s vn ACCEPT udp -- anywhere anywhere state NEW udp dpt:s vn REJECT all -- anywhere anywhere reject- with icmp-ho st-prohibited [root@flux ~]# And this is from the 192.168.111.13 box: [root@db1 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:microsoft-d s ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-d s ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns :netbios-ssn ACCEPT tcp -- anywhere anywhere tcp dpts:netbios-ns :netbios-ssn ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt ostgres LOG all -- anywhere anywhere LOG level warning REJECT all -- anywhere anywhere reject- with icmp-ho st-prohibited [root@db1 ~]# On Mar 28, 2008, at 11:45 AM, Shane Ambler wrote: > kevin kempter wrote: > >>>> >>>> Can you point me where to look for firewall/iptables/SE issues? >>>> > > > Start with the output of iptables -L on both machines (you may need > to run that as root). > > > Can every other machine connect to both servers? > or is it just the one server that has a problem connecting to the > other? > > > > > -- > > Shane Ambler > pgSQL (at) Sheeky (dot) Biz > > Get Sheeky @ http://Sheeky.Biz > > -- > Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-admin |
|
04-10-2008, 09:19 AM
| |||
| |||
| Re: weird network issue kevin kempter wrote: > I'm not sure who all can connect to this box, I have several clients > with pgadmin III installed that cannot get to it. > And this is from the 192.168.111.13 box: > > [root@db1 ~]# iptables -L > ACCEPT tcp -- anywhere anywhere state NEW tcp dpt ostgresSo the difference you care about is this line. box .13 accepts connections from anywhere to postgres service. You need this entry to show on your .11 box You need to adjust your iptables config for this I would suggest you may want to refine that to allow only from your network (as well as the other entries that can be refined to that) -- Shane Ambler pgSQL (at) Sheeky (dot) Biz Get Sheeky @ http://Sheeky.Biz -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin |
|
04-10-2008, 09:19 AM
| ||||
| ||||
| Re: weird network issue You're missing this entry from your .11 box: ACCEPT tcp -- anywhere anywhere state NEW tcp dpt ostgresSo iptables goes right to the end and then rejects with "Host Prohibited" which is reported on your .13 box as "No route to host" I think the command you want on your .11 box is: /sbin/iptables --insert RH-Firewall-1-INPUT 19 --protocol tcp --destination-port 5432 -j ACCEPT THINK BEFORE YOU PRINT - Save paper if you don't really need to print this *******************Confidentiality and Privilege Notice******************* The material contained in this message is privileged and confidential to the addressee. If you are not the addressee indicated in this message or responsible for delivery of the message to such person, you may not copy or deliver this message to anyone, and you should destroy it and kindly notify the sender by reply email. Information in this message that does not relate to the official business of Weatherbeeta must be treated as neither given nor endorsed by Weatherbeeta. Weatherbeeta, its employees, contractors or associates shall not be liable for direct, indirect or consequential loss arising from transmission of this message or any attachments e-mail. -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin |
 |
« Re: Failover of the Primary database and starting the standby database in Postgresql in PITR configuraiton?
|
off-topic - list files on linux »
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 02:44 AM.
