4

(I have a basic understanding of networking)

So I read in another post that explains that listen_addresses just involves an extra layer of security before the login: How to configure postgresql postgresql.conf listen_addresses for multiple ip addresses

But what I want to know is why listen_addresses doesn't have to be put in CIDR format for the IPs you put in there.

In pg_hba.conf it's ##.##.##.##/## for CIDR format. So why does postgresql.conf's listen_addresses use just the IP, without the subnet mask? (And also, I put my public IP address for both, but access isn't allowed if I put it in listen_addresses, which means...?)

Side question (maybe for subnet): Amazon EC2 doesn't let me use my public IP address/24, it has to be /32 (saying the size is too small), but I put /24 in pg_hba.conf, so clearly it's valid?


1 Answer

7

You cannot listen to a CIDR range in any OS I know of. Essentially, what happens is that listen_addresses is matched to one or more IP interfaces by the host OS, which binds PostgreSQL's listening socket(s) to those interfaces.

listen_addresses controls what network interfaces PostgreSQL can accept connections on, not what clients can connect to PostgreSQL.

In the case of EC2, listen_addresses cannot contain your public IP because it is not a local interface on the host. You must listen on the actual network interface, which for EC2 is usually a 10.x.x.x private IP. In practice there's no point setting listen_addresses to anything except * on EC2 unless you're using VPC and have added multiple interfaces to your host connected to different subnets.

answered 2013-02-28T00:52:27.667
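To make the distinction in the answer concrete, here is an added Python example (not code from the question, the answer or PostgreSQL itself). It shows the two different checks at work: `listen_addresses` ends up as a socket bind, which the OS only accepts for an address of a local interface (or `0.0.0.0` for `*`), never a CIDR range or a non-local public IP; `pg_hba.conf` is a first-match CIDR filter applied to the client's address after the connection arrives. The `pg_hba.conf`-style entries, the documentation address `192.0.2.1` (assumed not to be on any local interface) and the client IPs are constructed sample values.

```python
import ipaddress
import socket
from typing import Optional

# Constructed pg_hba.conf-style entries: (type, database, user, address, method).
# Hypothetical sample data, not taken from the post.
SAMPLE_HBA = [
    ("host", "all", "all", "203.0.113.5/32", "md5"),   # one client host
    ("host", "all", "all", "10.0.0.0/8", "md5"),       # EC2-style private range
]


def can_bind(address: str) -> bool:
    """Return True if the OS lets us bind a listening TCP socket to `address`.

    This is what listen_addresses boils down to: each entry must resolve to an
    address of a local interface (or 0.0.0.0 for '*'). A CIDR string or an IP
    that is not configured on any interface (e.g. an EC2 public IP) fails here.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((address, 0))  # port 0: let the OS pick an ephemeral port
        sock.listen(1)
        return True
    except OSError:
        # EADDRNOTAVAIL for a non-local IP; gaierror (an OSError) for "a.b.c.d/n"
        return False
    finally:
        sock.close()


def hba_allows(client_ip: str, entries=SAMPLE_HBA) -> Optional[str]:
    """Return the auth method of the first entry whose CIDR covers client_ip.

    Returns None when no entry matches, i.e. the connection would be rejected
    by HBA even though the server was listening. Unlike listen_addresses, the
    address here is a range matched against the *peer*, so a mask is natural.
    """
    ip = ipaddress.ip_address(client_ip)
    for _type, _db, _user, cidr, method in entries:
        # strict=False lets a host address carry a wider mask (x.x.x.5/24)
        if ip in ipaddress.ip_network(cidr, strict=False):
            return method
    return None


if __name__ == "__main__":
    for addr in ("127.0.0.1", "0.0.0.0", "192.0.2.1", "10.0.0.0/8"):
        print(f"bind {addr:>12}: {'ok' if can_bind(addr) else 'rejected by OS'}")
    for client in ("203.0.113.5", "10.20.30.40", "198.51.100.7"):
        print(f"hba  {client:>12}: {hba_allows(client) or 'no matching entry'}")
```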