The output from the netstat command is this: tcp 0 0 0.0.0.0:15432 0.0.0.:* LISTEN - tcp6... unix. 2. [ ACC ] STREAM. LISTENING. 34094. - /var/run/ postgresql/.s.PGSQL.15432
When I try to telnet in the message is: Trying 192.168.2.101... telnet: Unable to connect to remote host: Connection refused Yes, the error still occurs even if I disable the firewall. Thanks for looking at my question. On Tuesday, June 4, 2019 at 12:24:56 AM UTC-7, Alvaro Miranda Aguilera wrote: > > hello > > on the postgresql node whats the output of > > sudo netstat -anp | grep 15432 > > on the web VM you need to connect to the DB as 192.168.2.101 15432 > > test with > telnet 192.168.2.101 15432 > > and if you disable the firewall does it work? > > On Mon, Jun 3, 2019 at 6:25 PM Robert <[email protected] <javascript:>> > wrote: > >> I have two Vagrant VMs, one configured as a web server and the other a >> database server. When I try to run a psql command on the web server >> against my inventory database on the database server, the connection is >> refused: >> >> psql -h db00 -U dsmith -d inventory -p 15432 >> >> >> psql: could not connect to server: Connection refused >> Is the server running on the host "db00" (192.168.2.101) and >> accepting >> TCP/IP connections on port 15432? >> >> >> Here is my Vagrantfile: >> >> VAGRANTFILE_API_VERSION = "2" >> Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| >> config.vm.box = "debian/stretch64" >> config.vm.synced_folder "./shared", "/vagrant", type: "virtualbox" >> ENV['ANSIBLE_ROLES_PATH'] = "/Users/dsmith/playbooks/roles-debian9" >> >> >> config.vm.define "db" do |db| >> db.vm.hostname = "db00.example.com" >> db.vm.network :private_network, ip: "192.168.2.101" >> db.vm.network :forwarded_port, guest: 5432, host: 15432 >> config.vm.provision "ansible" do |ansible| >> ansible.playbook = "provision.yml" >> ansible.compatibility_mode = "2.0" >> ansible.become = true >> end >> end >> >> >> config.vm.define "web" do |web| >> web.vm.hostname = "web00.example.com" >> web.vm.network :private_network, ip: "192.168.2.102" >> web.ssh.forward_agent = true >> config.vm.provision "ansible" do |ansible| >> ansible.playbook = "provision.yml" >> ansible.compatibility_mode = "2.0" >> ansible.become = true >> end >> end >> end >> >> >> The key line here is the network forwarded_port line. I think I'm >> telling Vagrant that if a request comes in to the database server VM on >> port 5432, forward it to port 15432 on the server itself which is the port >> I've configured PostgreSQL to listen to on that server. From my research, >> I think this is what I'm supposed to do but I'm not sure. >> >> Here is my PostgreSQL configuration file: >> >> # /etc/postgresql/9.6/main/postgresql.conf >> data_directory = '/var/lib/postgresql/9.6/main' >> hba_file = '/etc/postgresql/9.6/main/pg_hba.conf' >> ident_file = '/etc/postgresql/9.6/main/pg_ident.conf' >> external_pid_file = '/var/run/postgresql/9.6-main.pid' >> listen_addresses = '*' >> port = 15432 >> unix_socket_directories = '/var/run/postgresql' >> >> >> Here is my authentication configuration file: >> >> # /etc/postgresql/9.6/main/pg_hba.conf >> local all postgres peer >> local all all peer >> host all all 127.0.0.1/32 md5 >> host all all ::1/128 md5 >> host all all 0.0.0.0/0 trust >> >> >> From my research, the "listen_addresses" line is important in the >> postgres config file and the "host all all..." line is important in the hba >> config file. >> >> Here are the firewall rules running on the database server: >> >> *filter >> :INPUT ACCEPT [0:0] >> :FORWARD ACCEPT [0:0] >> :OUTPUT ACCEPT [1037:93696] >> -A INPUT -i lo -j ACCEPT >> -A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port- >> unreachable >> -A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT >> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT >> -A INPUT -s 192.168.2.102/32 -d 192.168.2.101/32 -p tcp -m tcp --sport >> 1024:65535 --dport 15432 -m state --state NEW,ESTABLISHED -j ACCEPT >> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT >> -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: >> " --log-level 7 >> -A INPUT -j REJECT --reject-with icmp-port-unreachable >> -A FORWARD -m limit --limit 5/min -j LOG --log-prefix >> "iptables_FORWARD_denied: >> " --log-level 7 >> -A FORWARD -j REJECT --reject-with icmp-port-unreachable >> -A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp --sport >> 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT >> COMMIT >> >> >> The important rule is the one that says that anything from 192.168.2.102 >> (web00) to 192.168.2.101 (db00) on port 15432 is accepted. But I really >> don't think the firewall is the problem since I get the same error if I >> flush all the rules. >> >> What am I doing wrong here? I've tried to think it through but I'm >> missing something. >> >> -- >> This mailing list is governed under the HashiCorp Community Guidelines - >> https://www.hashicorp.com/community-guidelines.html. Behavior in >> violation of those guidelines may result in your removal from this mailing >> list. >> >> GitHub Issues: https://github.com/mitchellh/vagrant/issues >> IRC: #vagrant on Freenode >> --- >> You received this message because you are subscribed to the Google Groups >> "Vagrant" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/vagrant-up/caf83f35-74a9-4239-a27c-de758bbe7dd9%40googlegroups.com >> >> <https://groups.google.com/d/msgid/vagrant-up/caf83f35-74a9-4239-a27c-de758bbe7dd9%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > Alvaro > > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/vagrant/issues IRC: #vagrant on Freenode --- You received this message because you are subscribed to the Google Groups "Vagrant" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/dca0b03c-1669-43ea-b460-39b653363cd5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
