On Thu, 21 Apr 2016, Markus Metz wrote:
> Hi John and others:
>
> I used nmap:
>
> nmap -p T:5432 localhost
>
> output:
> Port state Service
> 5432/tcp open postgresql
>
> So, the port should be reachable.

Please clarify this detail: are you also running Squirrel on the server
computer itself? I gather you're not from the discussion so far; please
tell us explicitly.

If you're not, run the nmap and telnet tests against the IP address
Squirrel is configured to use, **from the client computer**. If you're not
running Squirrel on the server, it's not relevant whether or not the
server can successfully talk to itself via localhost.

And if you *are* running Squirrel on the server itself, try configuring it
to connect to 127.0.0.1

> I executed the tcpdump command on the linux server and ran Squirrel. This
> is the output:
>
> 14:36:32.1111111 IP hostname.58260 > hostname.postgres: Flags [S], seq
> 1111111111, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK],
> length 0
> 14:36:35.222222 IP hostname.58260 > hostname.postgres: Flags [S], seq
> 1111111111, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK],
> length 0
> 14:36:41.222222 IP hostname.58260 > hostname.postgres: Flags [S], seq
> 1111111111, win 8192, options [mss 1460,nop,nop,sackOK], length 0

Apologies, add "-n" to the tcpdump command line and you'll get port
numbers and IP addresses rather than names. That may make it a little
easier to interpret.

It looks from that like the client is sending the initial packet of the
three-way TCP handshake and is not getting a response from the server
(there are no SYN/ACK packets in response). It retries twice more and
gives up.

However: this trace won't tell you if the server is sending ICMP port
unreachable responses, which is what I would expect if you're seeing
"connection denied" on the client end.

Run the nmap and telnet tests from the client end and see if they report
connectivity problems. And on the server run this tcpdump command to
capture a little more info:

    tcpdump -n -i eth0 ip host ip.address.of.client

Where "ip.address.of.client" is the client computer's IP address.
Then try to connect again.

I kinda expect to see the inbound TCP SYN (like above), and in response an
ICMP port unreachable packet (which would explain the "connection
refused").

> Not sure what it means. Can you please help?

Check the firewalling on the server; it may not be configured to allow
inbound traffic to the postgres port from that client / at all.

> Thank you,
> Markus
>
> On Thu, Apr 21, 2016 at 2:33 PM, John Hardin <jh...@im...> wrote:
>
>> On Thu, 21 Apr 2016, Markus Metz wrote:
>>
>> Java.util.concurrent.ExecutionException: java.lang.RuntimeException:
>>> org.postgresql.util.PSQLException: Connection to 10.2.44.27:5432 refused.
>>>
>>
>> Can you telnet to 10.2.44.27:5432 from the client? Granted you probably
>> won't be able to talk the postgres protocol, but that would confirm whether
>> or not you have basic network connectivity.
>>
>> Just to confirm that squirrel actually is attempting to connect:
>> immediately after getting that error, on the client run a netstat command.
>> You *should* see a TCP connection with the database server's IP/name and
>> port number on the "far end".
>>
>> You could also run something like "tcpdump -i eth0 tcp port 5432" on your
>> client (assuming *nix and needed privileges) to see whether it's trying a
>> network connection.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jh...@im... FALaholic #11174 pgpk -a jh...@im...
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...in the 2nd amendment the right to arms clause means you have
the right to choose how many arms you want, and the militia clause
means that Congress can punish you if the answer is "none."
-- David Hardy, 2nd Amendment scholar
-----------------------------------------------------------------------
2 days until Max Planck's 158th birthday
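
Added example, not part of the original message: a small Python classifier for "tcpdump -n" output that tells apart the outcomes discussed above (unanswered SYN retransmissions, an ICMP port unreachable reply, a SYN/ACK). It goes beyond the message by also recognizing a TCP RST reply; the client address 10.2.44.50 and all trace lines are constructed samples.

```python
import re

# `tcpdump -n` TCP line: "IP src.sport > dst.dport: Flags [S], ..."
TCP_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")
# `tcpdump -n` ICMP line: "IP a > b: ICMP <host> tcp port <n> unreachable"
ICMP_RE = re.compile(r"ICMP (\S+) tcp port (\d+) unreachable")

def classify(lines, server_ip, port):
    """Return (verdict, syn_count) for attempts to reach server_ip:port."""
    syns, verdict = 0, None
    for line in lines:
        icmp = ICMP_RE.search(line)
        if icmp:
            if icmp.group(1) == server_ip and int(icmp.group(2)) == port:
                verdict = verdict or "rejected-icmp"  # e.g. a firewall REJECT rule
            continue
        tcp = TCP_RE.search(line)
        if not tcp:
            continue
        src, sport, dst, dport, flags = tcp.groups()
        if (dst, int(dport)) == (server_ip, port) and flags == "S":
            syns += 1                                 # first SYN or a retransmission
        elif (src, int(sport)) == (server_ip, port):
            if "R" in flags:
                verdict = verdict or "refused-rst"    # nothing listening on the port
            elif flags == "S.":
                verdict = verdict or "open"           # SYN/ACK: listener reachable
    if verdict is None:
        # SYNs seen but never answered: dropped silently or reply lost
        verdict = "no-response" if syns else "no-attempt"
    return verdict, syns

# Constructed sample traces (10.2.44.50 is a made-up client address).
SYN = ("14:36:3{}.000000 IP 10.2.44.50.58260 > 10.2.44.27.5432: "
       "Flags [S], seq 1, win 8192, length 0")
SILENT = [SYN.format(2), SYN.format(5), SYN.format(9)]
REJECTED = [SYN.format(2), "14:36:32.000100 IP 10.2.44.27 > 10.2.44.50: "
            "ICMP 10.2.44.27 tcp port 5432 unreachable, length 68"]
RESET = [SYN.format(2), "14:36:32.000100 IP 10.2.44.27.5432 > "
         "10.2.44.50.58260: Flags [R.], seq 0, ack 2, win 0, length 0"]
OPEN = [SYN.format(2), "14:36:32.000100 IP 10.2.44.27.5432 > "
        "10.2.44.50.58260: Flags [S.], seq 9, ack 2, win 29200, length 0"]

if __name__ == "__main__":
    for name, trace in [("silent", SILENT), ("rejected", REJECTED),
                        ("reset", RESET), ("open", OPEN)]:
        print(name, classify(trace, "10.2.44.27", 5432))
```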