How to Troubleshoot PostgreSQL “Connection Timed Out” Error on Remote Server


4 views

When attempting to connect to a PostgreSQL server remotely using the command:

psql -h {hostname}

You encounter the error:

psql: could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "{hostname}" (194.58.98.133) and accepting TCP/IP connections on port 5432?

On the server, checking the listening ports shows PostgreSQL is indeed running:

netstat -nlp | grep 5432
tcp   0 0 0.0.0.0:5432   0.0.0.0:*  LISTEN  29609/postmaster
tcp        0      0 :::5432  :::*  LISTEN      29609/postmaster
unix  2   [ ACC ]  STREAM   LISTENING 2107633273 29609/postmaster   /tmp/.s.PGSQL.5432

Based on the information provided, here are potential causes to investigate:

1. PostgreSQL Configuration Issues

Check postgresql.conf for these critical parameters:

listen_addresses = '*'          # or specific IPs
port = 5432                     # default PostgreSQL port

2. Missing pg_hba.conf Entry

Verify the host-based authentication file contains an entry for your client IP:

# TYPE  DATABASE  USER  ADDRESS        METHOD
host    all       all   192.168.1.0/24 md5
host    all       all   ::/0           md5  # IPv6 equivalent

3. Network-Level Blocking

Even without iptables, check these possibilities:

  • Cloud provider security groups (AWS/Azure/GCP firewall rules)
  • Network ACLs
  • Intermediate firewalls

Step 1: Verify Basic Connectivity

# From client machine
telnet {hostname} 5432
nc -zv {hostname} 5432

Step 2: Check Cloud Provider Settings

For AWS EC2 example:

aws ec2 describe-security-groups --group-ids sg-xxxxxx --query 'SecurityGroups[0].IpPermissions'

Step 3: Advanced Network Diagnostics

# On Linux client
traceroute {hostname}
mtr {hostname}

# Check if port is open from external perspective
nmap -p 5432 {hostname}

After identifying the specific cause, implement the appropriate fix:

Example Fix for AWS Security Groups

aws ec2 authorize-security-group-ingress \
    --group-id sg-xxxxxx \
    --protocol tcp \
    --port 5432 \
    --cidr {your_ip}/32

PostgreSQL Configuration Update

# In postgresql.conf
listen_addresses = '*'

# In pg_hba.conf
host    all             all             {your_ip}/32          md5

# After changes
sudo systemctl restart postgresql

To confirm the server is properly configured for remote access:

# On server
ss -tulnp | grep postgres
sudo grep -E 'listen|port' /etc/postgresql/*/main/postgresql.conf

If direct connection remains problematic, consider:

  • SSH tunneling: ssh -L 5433:localhost:5432 user@{hostname}
  • Connection pooling with pgBouncer
  • VPN access to the private network

Before declaring the issue unresolved, ensure you've verified:

  1. PostgreSQL service is running
  2. Configuration files are properly set
  3. Port is not blocked at any network level
  4. Authentication rules permit your connection
  5. No SELinux/apparmor restrictions exist

When you encounter the error message psql: could not connect to server: Connection timed out while trying to connect to a remote PostgreSQL server, it typically indicates a network-level blocking rather than a PostgreSQL configuration issue. The server appears to be running (as shown by netstat), but the client cannot establish a TCP connection.

First, let's confirm basic network connectivity:

# Check if the server responds to ping
ping 194.58.98.133

# Test if the port is reachable (timeout after 5 seconds)
nc -zv 194.58.98.133 5432 -w 5

# Alternative using telnet
telnet 194.58.98.133 5432

The most frequent causes for this specific error include:

  • Network firewall blocking port 5432
  • Cloud provider security group misconfiguration
  • PostgreSQL not configured to listen on external interfaces
  • Network routing issues between client and server

On the server, verify these critical settings in postgresql.conf:

# Listen on all available interfaces
listen_addresses = '*'

# Connection settings
port = 5432
max_connections = 100

And in pg_hba.conf, ensure you have a line allowing remote connections:

# TYPE  DATABASE  USER  ADDRESS  METHOD
host    all       all   0.0.0.0/0   md5

For cloud-hosted PostgreSQL instances (AWS, GCP, Azure), check:

# AWS Security Groups example:
aws ec2 describe-security-groups --group-ids sg-12345678

# Typical required inbound rule:
Protocol: TCP
Port Range: 5432
Source: Your IP or 0.0.0.0/0 (for testing)

These Linux commands help identify connection issues:

# Check active connections
ss -tulnp | grep 5432

# View firewall rules (even if iptables isn't running)
iptables -L -n -v

# Check for dropped packets
dmesg | grep -i dropped

# Trace the connection path
traceroute 194.58.98.133
mtr 194.58.98.133

Before using psql, test with lower-level tools:

# Using curl to test socket connection
curl -v telnet://194.58.98.133:5432

# Using Python for quick connection test
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
try:
    s.connect(('194.58.98.133', 5432))
    print("Connection successful")
except socket.error as e:
    print(f"Connection failed: {e}")
finally:
    s.close()

After verifying all settings, try connecting with explicit parameters:

psql -h 194.58.98.133 -p 5432 -U username -d dbname

Add these flags for better debugging:

psql -v ON_ERROR_STOP=1 --echo-hidden -h 194.58.98.133