[Pgpool-general] PgPool-II + Iptables

"Ing. Marcos Ortíz Valmaseda" mlortiz at uci.cu
Thu Jun 17 16:00:42 UTC 2010 

Regards to all list
I´m configurating a security schema bases on Iptables for PgPool-II, and 
I have some doubts about it.
This is my iptables_script for that:

## FLUSH Rules

iptables -F
iptables -X
iptables -Z
iptables -t nat -F

## Stablish the policy by default

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT


iptables -A INPUT -i lo -j ACCEPT

# To our IP we let everything

iptables –A INPUT –s 10.34.17.55 –j ACCEPT
iptables –A INPUT –s 10.34.17.56 –j ACCEPT
iptables –A INPUT –s 10.34.17.180 –j ACCEPT

# Open the desired ports
iptables –A INPUT –p tcp -–dport 5432 –j ACCEPT
iptables –A INPUT –p tcp –-dport 22 –j ACCEPT
iptables –A INPUT –p tcp –-dport 694 –j ACCEPT
iptables –A INPUT –p tcp –-dport 9898 –j ACCEPT
iptables –A INPUT –p tcp –-dport 9999 –j ACCEPT


Now I have a question about that:
When we start pgpool, this daemon open connections on ohter ports. When 
I executed the command ps aux | grep pgpool to see the status of the 
daemon, this is the result:

pgsql2:~# ps aux | grep pgpool
postgres 2353 0.3 1.2 7752 1948 pts/0 S 11:54 0:00 /usr/sbin/pgpool -n
postgres 2354 0.0 0.3 2976 600 pts/0 S 11:54 0:00 logger -t pgpool -p 
local0.info
postgres 2392 0.0 0.4 7752 672 pts/0 S 11:54 0:00 pgpool: PCP: wait for 
connection request
postgres 2394 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2395 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2396 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2397 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2398 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2399 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2400 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2401 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2402 0.0 0.4 7752 684 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2403 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2404 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2405 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2406 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2407 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2408 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2409 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2410 0.0 0.4 7752 684 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2411 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2412 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2413 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2414 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2415 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2416 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2417 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2418 0.0 0.4 7752 684 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2419 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2420 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2421 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2422 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2423 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2424 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
postgres 2425 0.0 0.4 7752 680 pts/0 S 11:54 0:00 pgpool: wait for 
connection request
root 2427 0.0 0.4 3116 760 pts/0 S+ 11:54 0:00 grep pgpool
pgsql2:~#

It these the open connections or what?
Do PgPool-II open other port to wait for connections ?
If this is the case,
Which are the other ports that I have to open on my firewall?

Regards and I´ll be waiting your answers.




Ing. Marcos Luís Ortíz Valmaseda
Linux User # 418229&&  PostgreSQL DBA
Centro de Tecnologías Gestión de Datos (DATEC)
http://postgresql.uci.cu
http://www.postgresql.org
http://it.toolbox.com/blogs/sql-apprentice

More information about the Pgpool-general mailing list