What do I change 10.10.29.0/24 to in my Postgres server?

by

The question:

I am setting a server up with my Raspberry Pi running Rasbian OS by Debian and the SQL I am planning to use is PostgreSQL.

What I am hoping to do is create a server where I can save peoples information when they sign up. I have connected to the Raspberry Pi remotely on my mac and now I am stuck.

I am following this tutorial:
https://www.cyberciti.biz/tips/postgres-allow-remote-access-tcp-connection.html

And it told me to edit a file with this:

host all all 10.10.29.0/24 trust

It includes that I should change the “10.10.29.0/24” part to something in my client’s and network’s range but I do not know what to change it to.

Also, when I edit the file, I do not know how to save it so if anyone knows how to go about that please do tell me.

The Solutions:

Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.

Method 1

You might want to consider looking at the official documentation for the settings in pg_hba.conf file.

This file is used by the PostgreSQL instance to determine how hosts/computers/accounts are allowed to connect to the instance/database via a certain method.

The first couple of lines from the example pg_hba.conf file in the official documentation are a good summary of how you can set the access permissions for a given PostgrSQL instance:

 # Allow any user on the local system to connect to any database with
 # any database user name using Unix-domain sockets (the default for local
 # connections).
 #
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 local   all             all                                     trust
 
 # The same using local loopback TCP/IP connections.
 #
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 host    all             all             127.0.0.1/32            trust
 
 # The same as the previous line, but using a separate netmask column
 #
 # TYPE  DATABASE        USER            IP-ADDRESS      IP-MASK             METHOD
 host    all             all             127.0.0.1       255.255.255.255     trust
 
 # The same over IPv6.
 #
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 host    all             all             ::1/128                 trust

Instead of replacing the entry host all all 10.10.29.0/24 trust as you pointed out in your question to something that matches your network configuration, just comment out the line and create a new line.

# TYPE  DATABASE        USER            ADDRESS                 METHOD
# host  all             all             10.10.29.0/24           trust

Let’s say, if your server is running with an IP address of 10.112.19.24 and you only want the application located on the same server to access the mydatabase and you have a dedicated user for that database named my_user, then the line might look like this:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
# host  all             all             10.10.29.0/24           trust
local   mydatabase      my_user                                 trust

No need to add an IP address. This line basically tells the PostgreSQL instance to allow a connection on the same server to access the mydatabase with the user my_user.

Now if somebody comes along from an external source (10.112.19.26) and tries to access the same database (mydatabase) with the same user (my_user), then the access will be denied, because the source IP address would conflict with the configuration you just made.

You would have to add another IP address line or just allow a certain subnet to access the database. E.g.

# TYPE  DATABASE        USER            ADDRESS                 METHOD
# host  all             all             10.10.29.0/24           trust
local   mydatabase      my_user                                 trust
host    mydatabase      my_user         10.112.19.0/26          trust

The 10.112.19.0/26 is the CIDR notation of an IP range. In this case it resolve to:

first address: 10.112.19.0
last address:  10.112.19.63
subnet mask:   255.255.255.192

So anybody in that range could connect to your mydatabase with the user my_user.
Depending on your network configuration you might require a different CIDR notation.

Answering Your Question

What do I change 10.10.29.0/24 to in my Postgres server?

  1. Use either the local .... configuration setting if the PostgreSQL instance is on the same server as your application.

  2. If the database is located on a different host than the hosts connecting to the database, then use the host ....
    configuration setting, with an IP address that comes from the client range you are expecting.

  3. If the connections are coming from a single host then you could use something like the following line:

    # TYPE  DATABASE        USER            ADDRESS                 METHOD
# host  all             all             10.10.29.0/24           trust
local   mydatabase      my_user                                 trust
host    mydatabase      my_user         10.112.19.13/32         trust # <<== THIS LINE

    This is basically telling the PostgreSQL instance to accept connections from one IP address. If your servers IP address that is connecting is 10.1.1.1 then the line becomes:

    host    mydatabase      my_user         10.1.1.1/32         trust

Good luck.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Comment