Allow remote connections to PostgreSQL on Windows — pg_hba.conf & firewall guide

Enable remote connections to PostgreSQL on Windows in three steps: set listen_addresses in postgresql.conf, add client rules to pg_hba.conf, and open port 5432 in Windows Firewall.

By default PostgreSQL only accepts connections from localhost. Enabling remote connections requires changes in three places: postgresql.conf, pg_hba.conf, and Windows Firewall. All three must be configured.

Enable remote connections step by step

  • 1

    Edit postgresql.conf — set listen_addresses

    Open postgresql.conf in the data directory and change listen_addresses:

    postgresql.conf
    # Find this line (remove the # if commented out):
    #listen_addresses = 'localhost'
    # Change to listen on all interfaces:
    listen_addresses = '*'
    # Or listen on a specific IP only:
    listen_addresses = '192.168.1.10'
    Using * listens on all network interfaces. For production, specify only the IP address clients will connect to.
  • 2

    Edit pg_hba.conf — allow remote clients

    Open pg_hba.conf and add a rule for your client IP range:

    pg_hba.conf — add at the end
    # Allow all users to all databases from a subnet:
    host all all 192.168.1.0/24 scram-sha-256
    # Allow all users from anywhere (not recommended for production):
    host all all 0.0.0.0/0 scram-sha-256
    # Allow specific user to specific database from specific IP:
    host mydb myuser 10.0.0.5/32 scram-sha-256
  • 3

    Open Windows Firewall for port 5432

    PowerShell — Administrator
    PS> New-NetFirewallRule -DisplayName "PostgreSQL 5432" -Direction Inbound -Protocol TCP -LocalPort 5432 -Action Allow
    # Or restrict to specific source IP:
    PS> New-NetFirewallRule -DisplayName "PostgreSQL 5432" -Direction Inbound -Protocol TCP -LocalPort 5432 -RemoteAddress 192.168.1.0/24 -Action Allow
  • 4

    Restart PostgreSQL to apply all changes

    cmd.exe — Administrator
    C:\> net stop postgresql-x64-18 && net start postgresql-x64-18
  • 5

    Test from a remote machine

    cmd.exe — remote machine
    C:\> psql -h 192.168.1.10 -U postgres -d mydb
    Password for user postgres:
    mydb=#

Connection refused or timeout

Symptom | Likely cause | Fix
Connection refused | listen_addresses still localhost | Check postgresql.conf, restart service
Connection timed out | Windows Firewall blocking | Add inbound rule for port 5432
Password authentication failed | pg_hba.conf missing rule | Add host rule for client IP in pg_hba.conf
No pg_hba.conf entry | pg_hba.conf rule missing or wrong IP | Add correct host rule and reload config

Remote connection questions

Changes made but still cannot connect remotely
Check all three pieces: (1) netstat -ano | findstr 5432 should show 0.0.0.0:5432 not 127.0.0.1:5432 after the restart. (2) pg_hba.conf must have a matching host rule. (3) Windows Firewall inbound rule must exist for port 5432.
Is it safe to use 0.0.0.0/0 in pg_hba.conf?
Only if you also have strong authentication (scram-sha-256) and strong passwords. For production, restrict to specific IP ranges. A database accessible from anywhere with a weak password is a serious security risk.
How do I reload pg_hba.conf without restarting?
pg_hba.conf changes can be applied without a full restart: psql -U postgres -c "SELECT pg_reload_conf();". postgresql.conf changes to listen_addresses still require a full service restart.
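
Whether a 0.0.0.0/0 rule is acceptable also depends on where it sits, because PostgreSQL applies the first pg_hba.conf line that matches a connection. The Python sketch below is an added example, not part of the original guide: it audits host rules that use CIDR addresses and single database and user names, flagging any-address rules, methods weaker than scram-sha-256, and rules already covered by an earlier line. SAMPLE and all function names are constructed for illustration.

```python
import ipaddress

WEAK_METHODS = {"trust", "password", "md5"}  # weaker than the scram-sha-256 used on this page
# Constructed sample: the step 2 rules in one file, plus a loopback rule and a trust rule.
SAMPLE = """\
# TYPE  DATABASE  USER    ADDRESS          METHOD
host    all       all     127.0.0.1/32     scram-sha-256
host    all       all     192.168.1.0/24   scram-sha-256
host    all       all     0.0.0.0/0        scram-sha-256
host    mydb      myuser  10.0.0.5/32      scram-sha-256
host    all       all     10.0.0.0/8       trust
"""

def parse_hba(text):
    """Return host/hostssl/hostnossl rules that use CIDR addresses."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        # Skip comments, blanks, local rules, hostnames, keywords and the IP + netmask form.
        if len(f) < 5 or not f[0].startswith("host") or "/" not in f[3]:
            continue
        try:
            net = ipaddress.ip_network(f[3], strict=False)
        except ValueError:
            continue
        rules.append({"line": lineno, "type": f[0], "db": f[1], "user": f[2], "net": net, "method": f[4]})
    return rules

def covers(earlier, later):
    """True if every connection matching `later` already matches `earlier`."""
    return (earlier["type"] in ("host", later["type"])
            and earlier["db"] in ("all", later["db"])
            and earlier["user"] in ("all", later["user"])
            and earlier["net"].version == later["net"].version
            and later["net"].subnet_of(earlier["net"]))

def audit(text):
    """Return (line, finding) pairs in file order."""
    rules, findings = parse_hba(text), []
    for i, rule in enumerate(rules):
        if rule["net"].prefixlen == 0:
            findings.append((rule["line"], "any-address"))
        if rule["method"] in WEAK_METHODS:
            findings.append((rule["line"], "weak-method:" + rule["method"]))
        # PostgreSQL uses the first matching line, so a covered rule never takes effect.
        shadow = next((e for e in rules[:i] if covers(e, rule)), None)
        if shadow:
            findings.append((rule["line"], "shadowed-by-line-%d" % shadow["line"]))
    return findings
```

Calling audit(SAMPLE) reports the 0.0.0.0/0 rule on line 4 and shows that the two rules after it are never reached; moving narrower rules above the broad one clears the shadowed findings.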
