Network access to Proxmox_ruledb

[ahotz]

I can connect to the ruledb without problems, but I'd like to connect to the db from within the (firewall protected) internal LAN, which is in the 10.0.0.0 range. However, all I ever get is a

FATAL: no pg_hba.conf entry for host "10.0.1.20", user "postgres", database "Proxmox_ruledb", SSL off

Even a "host all all 10.0.0.0/8 trust" in /etc/postgresql/pg_hba.conf does not help (I know I should be more restrictive, but I tried to be as permissive as possible while trying). Does Proxmox use some special settings or has special restrictions? I'm using the free version.

Regards and aTdHvAaNnKcSe
Andreas

 

[tom]

I can connect to the ruledb without problems, but I'd like to connect to the db from within the (firewall protected) internal LAN, which is in the 10.0.0.0 range. However, all I ever get is a

FATAL: no pg_hba.conf entry for host "10.0.1.20", user "postgres", database "Proxmox_ruledb", SSL off

Even a "host all all 10.0.0.0/8 trust" in /etc/postgresql/pg_hba.conf does not help (I know I should be more restrictive, but I tried to be as permissive as possible while trying). Does Proxmox use some special settings or has special restrictions? I'm using the free version.

Regards and aTdHvAaNnKcSe
Andreas

Hi Andreas,

for normal operation there is no need to access the internal proxmox database from external hosts and therefore this is not a supported operation - what do you want to query here?

 

[ahotz]

Want to get automated Info about senders

Thanks for the quick answer. I'd like to get info about who sends me mail and how many mails (it's a bit more complicated, but this is the basic idea). Of course, I could pars logfiles and so on, but getting this info from a database is MUCH easier, and proxmox stores this info in the database. Another possible way would be to store the necessary procedures on the gateway, but I don't like this idea. It seems not a very good idea to change an appliance. Access a more or less plain vanilla postgres from outside would not harm the installation, would it? So all I need to know is what blocks the outside access and how to enable it without harming Proxmox.

Regards Andreas

 

[tom]

Thanks for the quick answer. I'd like to get info about who sends me mail and how many mails (it's a bit more complicated, but this is the basic idea). Of course, I could pars logfiles and so on, but getting this info from a database is MUCH easier, and proxmox stores this info in the database. Another possible way would be to store the necessary procedures on the gateway, but I don't like this idea. It seems not a very good idea to change an appliance. Access a more or less plain vanilla postgres from outside would not harm the installation, would it? So all I need to know is what blocks the outside access and how to enable it without harming Proxmox.

Regards Andreas

Hi Andreas,
Did already see the statistics page on the Proxmox Admin-Interface? What information do you miss on there?

 

[dietmar]

I can connect to the ruledb without problems, but I'd like to connect to the db from within the (firewall protected) internal LAN, which is in the 10.0.0.0 range. However, all I ever get is a

FATAL: no pg_hba.conf entry for host "10.0.1.20", user "postgres", database "Proxmox_ruledb", SSL off

Even a "host all all 10.0.0.0/8 trust" in /etc/postgresql/pg_hba.conf does not help (I know I should be more restrictive, but I tried to be as permissive as possible while trying). Does Proxmox use some special settings or has special restrictions? I'm using the free version.

Regards and aTdHvAaNnKcSe
Andreas

Hi Andreas,

we usually use a ssh tunnel (man ssh) to access the proxmox database.

If you really want to use ph_hba.conf (insecure), you have to change the template file /var/lib/proxmox/templates/pg_hba.conf.in. Afterwards run "proxconfig -s" to syncronize the setting, the restart postgres.

- Dietmar

 

[ahotz]

I use "statistics" not realls in a sense of looking (with my eyes) what happened, but more in the mathematical sense, where it gives me input to scripted action for archival operations. I have to archive all email traffic for 10 years, and this includes unsuccessfull (greylistet) mails. I won a lawsuit in the past by being able to produce ALL mailtraffic, and I dont want to maneuver me into second position by having to admit that I don't have all mail info, even if it is just the info about a (faked) temporary technical problem. However, Dietmars answer solved the problem for me. Thanks.

 

[ahotz]

Actually I already use an SSH tunnel, but into another machine standing side by side with proxmox, and I have a secure private network from there to proxmox. That's why I want to connect via network. Your info gave me the hint I needed. Thanks a lot.
Regards Andreas