user1978109

Reputation: 737

MongoDB application server IPTables

I have 2 servers, one nginx/PHP and a mongoDB server. I have configured the mongoDB server's iptables correctly and I can connect to it with the nginx server when its firewall is down. However, when I turn on the firewall, it stops working. What should be open on the application server for it to connect to the MongoDB?

I am using the default ports on my mongo db server. Here is an output of iptables on my web server.

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  { MongDB IP }        anywhere            tcp dpt:27017 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state   NEW,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW,ESTABLISHED          

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             { MongDB IP }       tcp spt:27017 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https state ESTABLISHED  

Upvotes: 0

Views: 773

Answers (1)

Stennie

Reputation: 65323

Unless you have a sharded cluster or have changed the default ports used by MongoDB, the only port you need to have open from your application server is 27017 on your MongoDB server.

The default ports used by MongoDB are:

  • 27017 (standalone mongod)
  • 27018 (mongod --shardsvr)
  • 27019 (mongod --configsvr)
  • 28017 (web status page .. you should not have this enabled in production)

The MongoDB documentation includes examples for Configuring Linux iptables Firewall for MongoDB.

You may also want to check the bind_ip value (if set) to make sure your mongod is listening to the network interface that the application server is trying to connect to. By default mongod listens to all interfaces, but some distributions may limit this to localhost on initial install.

Upvotes: 1
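
The listing in the question accepts destination port 27017 on INPUT and source port 27017 on OUTPUT, which is the direction for the host running mongod; the application server is the TCP client, so with both policies set to DROP it needs OUTPUT to destination port 27017 and INPUT from source port 27017. The following added example (not part of the original question or answer) checks `iptables -S` output for that direction. The address 192.0.2.10, both sample rulesets and the helper names `has_rule` and `check_mongo_client` are constructed for illustration.

```shell
# Added example, not from the original post. 192.0.2.10 is a documentation
# address standing in for the MongoDB server; helper names are hypothetical.

# has_rule CHAIN ADDR_FLAG PORT_FLAG IP PORT: read `iptables -S` output on
# stdin; succeed if CHAIN has a tcp ACCEPT rule for that address and port.
has_rule() {
    awk -v chain="$1" -v af="$2" -v pf="$3" -v ip="$4" -v port="$5" '
        $1 == "-A" && $2 == chain {
            a = p = t = j = 0
            for (i = 3; i < NF; i++) {
                if ($i == af && ($(i+1) == ip || $(i+1) == (ip "/32"))) a = 1
                if ($i == pf && $(i+1) == port) p = 1
                if ($i == "-p" && $(i+1) == "tcp") t = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") j = 1
            }
            if (a && p && t && j) found = 1
        }
        END { exit !found }'
}

# check_mongo_client RULES IP [PORT]: classify a ruleset from the point of
# view of the application server, which is the TCP client of mongod.
check_mongo_client() {
    rules=$1 ip=$2 port=${3:-27017}
    if printf '%s\n' "$rules" | has_rule OUTPUT -d --dport "$ip" "$port" &&
       printf '%s\n' "$rules" | has_rule INPUT -s --sport "$ip" "$port"; then
        echo ok
    elif printf '%s\n' "$rules" | has_rule INPUT -s --dport "$ip" "$port"; then
        echo server-side-rules   # rules written for the mongod host itself
    else
        echo missing
    fi
}

# Constructed `iptables -S` output mirroring the listing in the question.
ASKER_RULES='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 27017 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --sport 27017 -j ACCEPT'

# Constructed client-direction rules: connect out to 27017, accept replies.
FIXED_RULES='-P INPUT DROP
-P OUTPUT DROP
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --sport 27017 -m state --state ESTABLISHED -j ACCEPT'

check_mongo_client "$ASKER_RULES" 192.0.2.10   # server-side-rules
check_mongo_client "$FIXED_RULES" 192.0.2.10   # ok
```

On a live host, pass the output of `iptables -S` (run as root) as the first argument in place of the sample rulesets.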
