What do I change 10.10.29.0/24 to in my Postgres server?



  • I am setting a server up with my Raspberry Pi running Rasbian OS by Debian and the SQL I am planning to use is PostgreSQL.

    What I am hoping to do is create a server where I can save peoples information when they sign up. I have connected to the Raspberry Pi remotely on my mac and now I am stuck.

    I am following this tutorial: https://www.cyberciti.biz/tips/postgres-allow-remote-access-tcp-connection.html

    And it told me to edit a file with this:

    host all all 10.10.29.0/24 trust
    

    It includes that I should change the "10.10.29.0/24" part to something in my client's and network's range but I do not know what to change it to.

    Also, when I edit the file, I do not know how to save it so if anyone knows how to go about that please do tell me.



  • You might want to consider looking at the https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html file.

    This file is used by the PostgreSQL instance to determine how hosts/computers/accounts are allowed to connect to the instance/database via a certain method.

    The first couple of lines from the example pg_hba.conf file in the official documentation are a good summary of how you can set the access permissions for a given PostgrSQL instance:

     # Allow any user on the local system to connect to any database with
     # any database user name using Unix-domain sockets (the default for local
     # connections).
     #
     # TYPE  DATABASE        USER            ADDRESS                 METHOD
     local   all             all                                     trust
    

    The same using local loopback TCP/IP connections.

    TYPE DATABASE USER ADDRESS METHOD

    host all all 127.0.0.1/32 trust

    The same as the previous line, but using a separate netmask column

    TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD

    host all all 127.0.0.1 255.255.255.255 trust

    The same over IPv6.

    TYPE DATABASE USER ADDRESS METHOD

    host all all ::1/128 trust

    Instead of replacing the entry host all all 10.10.29.0/24 trust as you pointed out in your question to something that matches your network configuration, just comment out the line and create a new line.

    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    # host  all             all             10.10.29.0/24           trust
    

    Let's say, if your server is running with an IP address of 10.112.19.24 and you only want the application located on the same server to access the mydatabase and you have a dedicated user for that database named my_user, then the line might look like this:

    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    # host  all             all             10.10.29.0/24           trust
    local   mydatabase      my_user                                 trust
    

    No need to add an IP address. This line basically tells the PostgreSQL instance to allow a connection on the same server to access the mydatabase with the user my_user.

    Now if somebody comes along from an external source (10.112.19.26) and tries to access the same database (mydatabase) with the same user (my_user), then the access will be denied, because the source IP address would conflict with the configuration you just made.

    You would have to add another IP address line or just allow a certain subnet to access the database. E.g.

    # TYPE  DATABASE        USER            ADDRESS                 METHOD
    # host  all             all             10.10.29.0/24           trust
    local   mydatabase      my_user                                 trust
    host    mydatabase      my_user         10.112.19.0/26          trust
    

    The 10.112.19.0/26 is the CIDR notation of an IP range. In this case it resolve to:

    first address: 10.112.19.0
    last address:  10.112.19.63
    subnet mask:   255.255.255.192
    

    So anybody in that range could connect to your mydatabase with the user my_user. Depending on your network configuration you might require a different CIDR notation.

    Answering Your Question

    What do I change 10.10.29.0/24 to in my Postgres server?

    1. Use either the local .... configuration setting if the PostgreSQL instance is on the same server as your application.

    2. If the database is located on a different host than the hosts connecting to the database, then use the host .... configuration setting, with an IP address that comes from the client range you are expecting.

    3. If the connections are coming from a single host then you could use something like the following line:

      # TYPE  DATABASE        USER            ADDRESS                 METHOD
      # host  all             all             10.10.29.0/24           trust
      local   mydatabase      my_user                                 trust
      host    mydatabase      my_user         10.112.19.13/32         trust # <

      This is basically telling the PostgreSQL instance to accept connections from one IP address. If your servers IP address that is connecting is 10.1.1.1 then the line becomes:

      host    mydatabase      my_user         10.1.1.1/32         trust 
      

    Good luck.


Log in to reply
 


Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2