Proxy Server ...

Started by The Hermit Hacker, almost 24 years ago, 15 messages, general
#1 The Hermit Hacker
scrappy@hub.org

Does anyone know of a proxy server that I can run on a server to "pretend"
it's a postgresql server? so that I can connect to IP:port and have it
establish a connection to IP:5432?

Basically, I have a domain running in a FreeBSD jail, with a database
server behind it ... the database server isn't accessible from the
Internet, only from the local network ... so I need to run a proxy server
in the jail that will accept connections, thru it, to the database server
...

I need it to work for JDBC connections as well as ODBC (pgAdminII) ...
which I don't think is any different, but figured I'd mention it "just in
case" ...

I've looked at SSLProxy (JDBC Proxy server), but it's SSL only, which makes
pgAdminII a problem :(

Thanks ...

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: The Hermit Hacker (#1)
Re: Proxy Server ...

"Marc G. Fournier" <scrappy@hub.org> writes:

> Does anyone know of a proxy server that I can run on a server to "pretend"
> it's a postgresql server? so that I can connect to IP:port and have it
> establish a connection to IP:5432?

[ scratches head ] Why don't you just start the postmaster listening
to the other port instead of 5432? Seems like a proxy inside the jail
wouldn't really do anything the postmaster itself wouldn't do.

Possibly setting VIRTUAL_HOST would help too, if the problem is that
the postmaster is trying to bind to addresses it's not allowed to.

regards, tom lane

#3 The Hermit Hacker
scrappy@hub.org
In reply to: Tom Lane (#2)
Re: Proxy Server ...

On Mon, 24 Jun 2002, Tom Lane wrote:

> "Marc G. Fournier" <scrappy@hub.org> writes:
>
> > Does anyone know of a proxy server that I can run on a server to "pretend"
> > it's a postgresql server? so that I can connect to IP:port and have it
> > establish a connection to IP:5432?
>
> [ scratches head ] Why don't you just start the postmaster listening
> to the other port instead of 5432? Seems like a proxy inside the jail
> wouldn't really do anything the postmaster itself wouldn't do.
>
> Possibly setting VIRTUAL_HOST would help too, if the problem is that
> the postmaster is trying to bind to addresses it's not allowed to.

Not possible to run a postmaster inside of the jail itself, which would
*really* simplify things :(

#4 Tom Lane
tgl@sss.pgh.pa.us
In reply to: The Hermit Hacker (#3)
Re: Proxy Server ...

"Marc G. Fournier" <scrappy@hub.org> writes:

> Not possible to run a postmaster inside of the jail itself, which would
> *really* simplify things :(

Oh, you're thinking proxy inside jail, postmaster outside? How would
the proxy communicate with the postmaster then?

regards, tom lane

#5 Alvaro Herrera
alvherre@atentus.com
In reply to: The Hermit Hacker (#1)
Re: Proxy Server ...

Marc G. Fournier said:

> Does anyone know of a proxy server that I can run on a server to "pretend"
> it's a postgresql server? so that I can connect to IP:port and have it
> establish a connection to IP:5432?

You can use OpenSSH for that.

--
Alvaro Herrera (<alvherre[a]atentus.com>)
"To think that the spectre we see is illusory does not strip it of its horror;
it only adds the new terror of madness" (Perelandra, C. S. Lewis)

#6 The Hermit Hacker
scrappy@hub.org
In reply to: Tom Lane (#4)
Re: Proxy Server ...

On Mon, 24 Jun 2002, Tom Lane wrote:

> "Marc G. Fournier" <scrappy@hub.org> writes:
>
> > Not possible to run a postmaster inside of the jail itself, which would
> > *really* simplify things :(
>
> Oh, you're thinking proxy inside jail, postmaster outside? How would
> the proxy communicate with the postmaster then?

Same as it always does ... ignore the 'jail' part ... use this as a
scenario:

<Internet> <-> <Proxy Server> <-192.168.0.1-> <Database Server>

Now, I have found one that appears to work great (SSLProxy) ... which uses
JDBC to connect to the database, but it requires an SSL-enabled client to
use it, which cuts out stuff that uses ODBC to connect, I believe?

#7 Bill Moran
wmoran@potentialtech.com
In reply to: The Hermit Hacker (#1)
Re: Proxy Server ...

Marc G. Fournier wrote:

> Does anyone know of a proxy server that I can run on a server to "pretend"
> it's a postgresql server? so that I can connect to IP:port and have it
> establish a connection to IP:5432?
>
> Basically, I have a domain running in a FreeBSD jail, with a database
> server behind it ... the database server isn't accessible from the
> Internet, only from the local network ... so I need to run a proxy server
> in the jail that will accept connections, thru it, to the database server
> ...
>
> I need it to work for JDBC connections as well as ODBC (pgAdminII) ...
> which I don't think is any different, but figured I'd mention it "just in
> case" ...
>
> I've looked at SSLProxy (JDBC Proxy server), but it's SSL only, which makes
> pgAdminII a problem :(

You can use FreeBSD's IPFW to "forward" the port.
See the man pages.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

#8 The Hermit Hacker
scrappy@hub.org
In reply to: Bill Moran (#7)
Re: Proxy Server ...

On Mon, 24 Jun 2002, Bill Moran wrote:

> Marc G. Fournier wrote:
>
> > Does anyone know of a proxy server that I can run on a server to "pretend"
> > it's a postgresql server? so that I can connect to IP:port and have it
> > establish a connection to IP:5432?
> >
> > Basically, I have a domain running in a FreeBSD jail, with a database
> > server behind it ... the database server isn't accessible from the
> > Internet, only from the local network ... so I need to run a proxy server
> > in the jail that will accept connections, thru it, to the database server
> > ...
> >
> > I need it to work for JDBC connections as well as ODBC (pgAdminII) ...
> > which I don't think is any different, but figured I'd mention it "just in
> > case" ...
> >
> > I've looked at SSLProxy (JDBC Proxy server), but it's SSL only, which makes
> > pgAdminII a problem :(
>
> You can use FreeBSD's IPFW to "forward" the port.
> See the man pages.

Not doable inside of a jail, as far as I'm aware ... ;(

#9 Gregory Seidman
gss+pg@cs.brown.edu
In reply to: The Hermit Hacker (#1)
Re: Proxy Server ...

Marc G. Fournier sez:
} Does anyone know of a proxy server that I can run on a server to "pretend"
} it's a postgresql server? so that I can connect to IP:port and have it
} establish a connection to IP:5432?
}
} Basically, I have a domain running in a FreeBSD jail, with a database
} server behind it ... the database server isn't accessible from the
} Internet, only from the local network ... so I need to run a proxy server
} in the jail that will accept connections, thru it, to the database server
} ...
}
} I need it to work for JDBC connections as well as ODBC (pgAdminII) ...
} which I don't think is any different, but figured I'd mention it "just in
} case" ...
}
} I've looked at SSLProxy (JDBC Proxy server), but it's SSL only, which makes
} pgAdminII a problem :(

There are several possible solutions. The simplest is to use the socket
program, which will do what you want (with minor trickery, see the man
page); it can be found at http://sources.isc.org/network/utils/socket.txt .
Another is to use ssh with the -L or -R flag (look at the man page). Still
yet another is that if you are running a firewall and natd, which is what
it sounds like, natd has a -redirect_port flag which will let you do what
you want (again, see the man page). Again, those solutions are:

1. socket -bfslp "socket <pg host> 5432" <listenport>
2. ssh -L <listenport>:<pg host>:5432 <ssh host>
3. natd -redirect_port tcp <pg host>:5432 <host>:<listenport>

(I'm not too sure of those command lines. Some testing and reading of man
pages may be necessary.)

} Thanks ...
--Greg
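
What the forwarders suggested in this thread do, written out as an added example (not code from any poster or from the tools named): a TCP relay that accepts clients, connects each one to the PostgreSQL host, and logs every connection. The source allowlist, the function names and the logger name are assumptions of this sketch.

```python
import contextlib, ipaddress, logging, socket, threading
log = logging.getLogger("pgrelay")  # hypothetical logger name

def allowed(peer_ip, networks):
    """True if peer_ip is inside one of the permitted CIDR networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    total = 0
    with contextlib.suppress(OSError):  # a reset from either peer ends the copy
        while chunk := src.recv(65536):
            dst.sendall(chunk)
            total += len(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)
    return total

def handle(client, peer, backend, networks):
    """Relay one client to the backend, logging who connected and bytes sent."""
    with client:
        if not allowed(peer[0], networks):
            log.warning("deny %s:%d", peer[0], peer[1])
            return
        try:
            upstream = socket.create_connection(backend, timeout=10)
        except OSError as exc:
            log.error("backend %s unreachable: %s", backend, exc)
            return
        with upstream:
            upstream.settimeout(None)  # the timeout applied to connect only
            log.info("open %s:%d -> %s:%d", *peer[:2], *backend)
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            sent = pump(client, upstream)  # client -> database direction
            back.join()
            log.info("close %s:%d bytes_to_backend=%d", peer[0], peer[1], sent)

def serve(listen, backend, networks):
    """Listen on `listen` and relay permitted clients; returns the listening socket."""
    srv = socket.create_server(listen)
    def loop():
        with contextlib.suppress(OSError):  # accept() fails once srv is closed
            while True:
                threading.Thread(target=handle, daemon=True,
                                 args=(*srv.accept(), backend, networks)).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv
```

A relay like this passes the PostgreSQL protocol through unchanged, so it adds no encryption, and the database server sees every connection as coming from the relay's address, which is what its host-based access rules will match against.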

#10 Martijn van Oosterhout
kleptog@svana.org
In reply to: The Hermit Hacker (#1)
Re: Proxy Server ...

On Mon, Jun 24, 2002 at 04:13:02PM -0300, Marc G. Fournier wrote:

> Does anyone know of a proxy server that I can run on a server to "pretend"
> it's a postgresql server? so that I can connect to IP:port and have it
> establish a connection to IP:5432?

I've always used netcat for this purpose. Add it to inetd with a line to
connect to the other server.

I believe there is also a program named redir which does a similar thing
without using inetd.

HTH,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/

There are 10 kinds of people in the world, those that can do binary
arithmetic and those that can't.

#11 Sean Chittenden
sean@chittenden.org
In reply to: The Hermit Hacker (#3)
Re: Proxy Server ...

> > > Does anyone know of a proxy server that I can run on a server to
> > > "pretend" it's a postgresql server? so that I can connect to
> > > IP:port and have it establish a connection to IP:5432?
> >
> > [ scratches head ] Why don't you just start the postmaster
> > listening to the other port instead of 5432? Seems like a proxy
> > inside the jail wouldn't really do anything the postmaster itself
> > wouldn't do.
> >
> > Possibly setting VIRTUAL_HOST would help too, if the problem is
> > that the postmaster is trying to bind to addresses it's not
> > allowed to.
>
> Not possible to run a postmaster inside of the jail itself, which
> would *really* simplify things :(

Do you know what part of postgresql doesn't work inside of a jail?

As someone suggested, ipfw fwd _should_ do the trick. I'd be curious
as to why it wouldn't. -sc

--
Sean Chittenden

#12 The Hermit Hacker
scrappy@hub.org
In reply to: Sean Chittenden (#11)
Re: Proxy Server ...

On Mon, 24 Jun 2002, Sean Chittenden wrote:

> > > > Does anyone know of a proxy server that I can run on a server to
> > > > "pretend" it's a postgresql server? so that I can connect to
> > > > IP:port and have it establish a connection to IP:5432?
> > >
> > > [ scratches head ] Why don't you just start the postmaster
> > > listening to the other port instead of 5432? Seems like a proxy
> > > inside the jail wouldn't really do anything the postmaster itself
> > > wouldn't do.
> > >
> > > Possibly setting VIRTUAL_HOST would help too, if the problem is
> > > that the postmaster is trying to bind to addresses it's not
> > > allowed to.
> >
> > Not possible to run a postmaster inside of the jail itself, which
> > would *really* simplify things :(
>
> Do you know what part of postgresql doesn't work inside of a jail?

Shared memory is highly recommended to not be used within a jail'd
environment for various reasons ...

> As someone suggested, ipfw fwd _should_ do the trick. I'd be curious as
> to why it wouldn't. -sc

ipfw would have to be used at the operating system level, I want/require
it to be redirected at the jail level for accountability reasons ...

#13 David Ford
david+cert@blue-labs.org
In reply to: The Hermit Hacker (#1)
Re: Proxy Server ...

Do you have a way of doing destination NAT?

On Linux, I map inbound IP/port requests using iptables at the firewall
to my private address space. No proxying needed. I'm sure there is a
FreeBSD function that is similar.

David

Marc G. Fournier wrote:

> Does anyone know of a proxy server that I can run on a server to "pretend"
> it's a postgresql server? so that I can connect to IP:port and have it
> establish a connection to IP:5432?

#14 Jeremy Cowgar
develop@cowgar.com
In reply to: The Hermit Hacker (#12)
How to tell why an insert failed?

In C I would like to tell if an insert failed and why. In particular if
it failed because of a duplicate value in a field marked unique.

Can this be done, how? If not, is there a workaround besides querying
each unique field for a dup?

Thanks,

Jeremy

#15 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Jeremy Cowgar (#14)
Re: How to tell why an insert failed?

Jeremy Cowgar <develop@cowgar.com> writes:

> In C I would like to tell if an insert failed and why. In particular if
> it failed because of a duplicate value in a field marked unique.

Right now, the only way to tell this is to look at the error message
(PQerrorMessage), which will say something like

ERROR: Cannot insert a duplicate key into unique index foo_f1_key

This is pretty grotty, but until we get around to supporting proper
error codes, it's the only way ...

regards, tom lane