ufw won't allow connections to port 5432

Just noticed in your question you have 'listen-addresses' with a hyphen - the documentation has an underscore ('listen_addresses')

Author: Benjaminbl12

Updated on September 18, 2022

Comments

  • Benjaminbl12
    Benjaminbl12 over 1 year

    I've installed Postgresql 9.4 on Ubuntu Trusty from the PGDG ppa. I've created a database and set it listen-addresses to '*'. I've made an entry in the pg_hba.conf file. I can connect locally with no trouble. Here is the entry from my pg_hba.conf:

    host all tarka 192.168.0.0/24 md5

    The problem is that the port seems blocked by UFW. I've tried several variations of the ufw command to allow postgres such as

    sudo ufw allow postgresql/tcp

    sudo ufw allow 5432/tcp

    and most recently

    sudo ufw allow from 192.168.0.0/24 to any port 5432

    I've restarted ufw each time.

    This is the status currently:

    sudo ufw status verbose
    Status: active
    Logging: on (low)
    Default: allow (incoming), allow (outgoing), disabled (routed)
    New profiles: skip
    
    To                         Action      From
    --                         ------      ----
    22                         ALLOW IN    Anywhere
    5432                       ALLOW IN    192.168.0.0/24
    22 (v6)                    ALLOW IN    Anywhere (v6)
    

    The entries in iptables seem valid:

    Chain ufw-user-input (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
    ACCEPT     tcp  --  192.168.0.0/24       anywhere             tcp dpt:postgresql
    ACCEPT     udp  --  192.168.0.0/24       anywhere             udp dpt:postgresql
    

    Nevertheless, when I try to connect from a remote machine, ufw logs:

    Sep  2 13:55:28 estuary kernel: [242754.395342] [UFW BLOCK] IN=eth0 OUT= MAC=94:de:80:27:4a:7e:b4:75:0e:97:21:29:08:00 SRC=192.168.0.13 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43525 DF PROTO=TCP SPT=36382 DPT=21 WINDOW=29200 RES=0x00 SYN URGP=0 
    

    In fact I can't even connect by disabling ufw. In all cases nmap reports the port 5432 is closed:

    nmap estuary -p5432
    
    Starting Nmap 6.40 ( http://nmap.org ) at 2015-09-02 16:43 PDT
    Nmap scan report for estuary (192.168.0.12)
    Host is up (0.0059s latency).
    PORT     STATE  SERVICE
    5432/tcp closed postgresql
    

    In addition, I'm running nginx as a web server and it is completely accessible from the other machine.

    How can I get ufw (or whatever is actually doing it) to stop blocking port 5432?

    Edit as requested:

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State      
    tcp        0      0 estuary:domain          *:*                     LISTEN     
    tcp        0      0 *:51413                 *:*                     LISTEN     
    tcp        0      0 *:ssh                   *:*                     LISTEN     
    tcp        0      0 localhost:ipp           *:*                     LISTEN     
    tcp        0      0 localhost:postgresql    *:*                     LISTEN     
    tcp        0      0 *:smtp                  *:*                     LISTEN     
    tcp        0      0 localhost:6010          *:*                     LISTEN     
    tcp        0      0 *:49152                 *:*                     LISTEN     
    tcp        0      0 *:9091                  *:*                     LISTEN     
    tcp        0      0 *:5900                  *:*                     LISTEN     
    tcp        0      0 *:http                  *:*                     LISTEN     
    tcp        0      0 *:http-alt              *:*                     LISTEN     
    tcp        0      0 192.168.0.12:ssh        cutter:46943            ESTABLISHED
    tcp        1      0 192.168.0.12:46461      104.28.7.98:http        CLOSE_WAIT 
    tcp        1      0 192.168.0.12:59407      89.234.156.205:http     CLOSE_WAIT 
    tcp        0      0 localhost:38145         localhost:6010          ESTABLISHED
    tcp        1      1 192.168.0.12:59404      89.234.156.205:http     LAST_ACK   
    tcp        0      0 localhost:6010          localhost:38144         ESTABLISHED
    tcp        0      0 localhost:6010          localhost:38145         ESTABLISHED
    tcp        1      0 192.168.0.12:45068      89.218.2.238.stati:http CLOSE_WAIT 
    tcp        0      0 192.168.0.12:9091       cutter:46825            ESTABLISHED
    tcp        0      0 localhost:38144         localhost:6010          ESTABLISHED
    tcp6       0      0 [::]:51413              [::]:*                  LISTEN     
    tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
    tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN     
    tcp6       0      0 [::]:smtp               [::]:*                  LISTEN     
    tcp6       0      0 ip6-localhost:6010      [::]:*                  LISTEN     
    tcp6       0      0 [::]:5900               [::]:*                  LISTEN     
    tcp6       0      0 [::]:http               [::]:*                  LISTEN  
    

    My client (cutter) connects by wireless.

    • Admin
      Admin over 8 years
      In your ufw log the blocked destination port is DPT=21, not 5432. Can you give us the output from the command netstat -at
    • alci
      alci over 8 years
      Did you restart postgresql? listen_addresses changes require a restart... What error message does your distant client give you when you try to connect?
    • Benjaminbl12
      Benjaminbl12 over 8 years
      Yes I certainly restarted Postgresql. I get the usual message about host not listening on IP/port. The issue seems to be the port is blocked on the server. See the latest edit.
    • Benjaminbl12
      Benjaminbl12 over 8 years
      Yes, it is plural. But it's also set to "*". What makes you say I'm only listening on localhost?
    • Brandon Xavier
      Brandon Xavier over 8 years
      "tcp 0 0 localhost:postgresql *:* LISTEN" instead of "tcp 0 0 *:postgresql *:* LISTEN"
    • Benjaminbl12
      Benjaminbl12 over 8 years
      Ahh, ok how do I change that?
    • Brandon Xavier
      Brandon Xavier over 8 years
      Something seems to be amiss with your listen_addresses statement and per the documentation, localhost is the default. You could try changing it from '*' to '0.0.0.0' or '192.168.0.12'. Or post the statement you have here. Reference: postgresql.org/docs/9.4/static/runtime-config-connection.html
    • Brandon Xavier
      Brandon Xavier over 8 years
      Just noticed in your question you have 'listen-addresses' with a hyphen - the documentation has an underscore ('listen_addresses')
    • Benjaminbl12
      Benjaminbl12 over 8 years
      You got it Brandon! Somehow I replaced the underscore with a dash. All is well now. Make that an answer and I will accept.
  • Benjaminbl12
    Benjaminbl12 over 8 years
    Man my eyes are getting bad.
  • Brandon Xavier
    Brandon Xavier over 8 years
    Do like I do and blame it on the font ;-)
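
The two checks that settled this thread (is the port bound only to loopback, and is a parameter name written with a hyphen) can be scripted. This is an added example, not part of the original thread; the function names `listen_scope` and `hyphen_keys` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# listen_scope PORT_OR_SERVICE
# Reads `netstat -at` (or `netstat -ant`) output on stdin and reports whether
# the port is bound to loopback only, to a non-loopback address, or not at all.
listen_scope() {
    awk -v want="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")      # Local Address, e.g. localhost:postgresql
            if (parts[n] != want) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^(localhost|ip6-localhost|127\.[0-9.]+|\[?::1\]?)$/) loop = 1
            else pub = 1
        }
        END {
            if (pub)       print "non-loopback"
            else if (loop) print "loopback-only"
            else           print "not-listening"
        }'
}

# hyphen_keys
# Reads a postgresql.conf on stdin and prints "LINE: NAME" for every parameter
# name containing a hyphen. PostgreSQL parameter names use underscores, so a
# hyphenated name is a typo such as listen-addresses.
hyphen_keys() {
    sed -e 's/#.*//' | awk '
        {
            sub(/^[ \t]+/, "")
            split($0, t, /[ \t=]+/)        # name ends at whitespace or "="
            key = t[1]
        }
        key ~ /-/ { print NR ": " key }'
}

# Constructed sample input modelled on the netstat listing in the question.
sample='tcp        0      0 localhost:postgresql    *:*                     LISTEN
tcp        0      0 *:http                  *:*                     LISTEN'
printf '%s\n' "$sample" | listen_scope postgresql
printf '%s\n' "$sample" | listen_scope http
printf "listen-addresses = '*'\nport = 5432\n" | hyphen_keys
```

A `loopback-only` result means no firewall rule will help: nothing outside the host can reach the service until it is bound to another address, which is also why nmap reported the port closed even with ufw disabled.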