
Unable to get PostgreSQL 9.4 to listen on port 5432


I'm using a Linux VM (Ubuntu 15.10) to spin up a Postgres Database, and as far as I can tell, everything should be configured right.

My firewall is disabled:

user@UBUNTUMACHINE:~$ sudo ufw status numbered
Status: inactive

But it's only listening on port 22

user@UBUNTUMACHINE:~$ netstat -an | grep "LISTEN "
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN

If I enable the firewall, and tell it to listen to 5432, it shows up in the rules:

user@UBUNTUMACHINE:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    Anywhere
5432                       ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
22/tcp (v6)                ALLOW IN    Anywhere (v6)
5432/tcp (v6)              ALLOW IN    Anywhere (v6)
5432 (v6)                  ALLOW IN    Anywhere (v6)

But I get the same results as above for netstat.

As far as I can tell from researching the issue, I have the correct values in my postgresql.conf file:

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# - Connection Settings -

listen_addresses = '*'          # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
port = 5432                             # (change requires restart)

and I've tried both IP ranges and specific IPs as trusted in the pg_hba.conf file.

# Database administrative login by Unix domain socket
local   all             postgres                                ident sameuser

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                               peer
#host    replication     postgres        127.0.0.1/32           md5
#host    replication     postgres        ::1/128                md5

host   all              all              10.0.0.0/255           trust
host   all              all              10.11.0.0/255          trust
host   all              all              0.0.0.0/0              trust

Lastly, Postgres is running, per

user@UBUNTUMACHINE:~$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
   Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
   Active: active (exited) since Wed 2017-03-08 11:09:57 CST; 57min ago
  Process: 787 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 787 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/postgresql.service

Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Starting PostgreSQL RDBMS...
Mar 08 11:09:57 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:21 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.
Mar 08 11:32:26 UBUNTUMACHINEsystemd[1]: Started PostgreSQL RDBMS.

Solution

    • The log is telling me invalid CIDR mask in address 10.0.0.0/255
    • :: 255 might be larger than 32

    Postgres refuses to start, because it refuses the netmask /255 which is larger than the possible number of bits in the (32 bits) IP-address. You could consider this to be a bit picky for the .hba parser, but it could also be considered a configuration error.

    In any case: replace the /255 by something sensible, like /24 (or /16, since you have two of these entries). And: replace the trust by something more safe, after it appears to work.
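
A pre-restart check for the two problems this answer points out, as an added example that is not part of the original answer or of PostgreSQL: it flags CIDR masks wider than the address family allows and `trust` entries that reach beyond loopback. The function name `lint_pg_hba` and the sample text are constructed for illustration; only `host`, `hostssl` and `hostnossl` records with an address in CIDR form are checked.

```python
import ipaddress

# Constructed sample, modeled on the pg_hba.conf entries in the question.
SAMPLE = """\
local  all  all                  md5
host   all  all  127.0.0.1/32    md5
host   all  all  ::1/128         md5
host   all  all  10.0.0.0/255    trust
host   all  all  10.11.0.0/255   trust
host   all  all  0.0.0.0/0       trust
"""

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def lint_pg_hba(text):
    """Return (line_number, severity, message) findings for host records."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        addr, method = fields[3], fields[4]
        if "/" not in addr:
            continue  # hostnames, keywords, "IP MASK" form: not covered here
        ip, _, bits = addr.partition("/")
        try:
            width = ipaddress.ip_address(ip).max_prefixlen  # 32 or 128
        except ValueError:
            findings.append((n, "error", f"invalid IP address in {addr}"))
            continue
        if not (bits.isascii() and bits.isdigit()) or int(bits) > width:
            findings.append(
                (n, "error", f"invalid CIDR mask in {addr}: max is /{width}"))
            continue
        net = ipaddress.ip_network(addr, strict=False)
        if method == "trust" and not net.is_loopback:
            findings.append(
                (n, "warning", f"trust (no password) for non-loopback {net}"))
    return findings


if __name__ == "__main__":
    for line_no, severity, message in lint_pg_hba(SAMPLE):
        print(f"line {line_no}: {severity}: {message}")
```

Once the masks are corrected, the same lines come back as `trust` warnings, which is the second half of the answer's advice.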