I'm new to Linux servers. I installed MongoDB on CentOS 6.3, and I run the MongoDB server with this command:

mongod -config /etc/mongodb.conf &

And I'm sure that I have set bind_ip to listen on all IPs:

# mongodb.conf

# Where to store the data.
dbpath=/var/lib/mongodb

#where to log
logpath=/var/log/mongodb/mongodb.log

logappend=true

rest = true
bind_ip = 0.0.0.0
port = 27017

But I still cannot access MongoDB remotely. My server IP is 192.168.2.24, and when I run mongo on my local PC to access this MongoDB, it shows me this error:

Error: couldn't connect to server 192.168.2.24:27017 (192.168.2.24), connection attempt failed at src/mongo/shell/mongo.js:148
exception: connect failed

But I can access this MongoDB on the server where MongoDB is installed, using this command:

mongo --host 192.168.2.24

So I think MongoDB remote access may be set up successfully, but maybe something is wrong with the Linux server, maybe the firewall? So I tried this command to check whether the port is open for remote access:

iptables -L -n | grep 27017

Nothing is returned. Then I added the port to iptables using these commands:

iptables -A INPUT -p tcp --dport 27017 -j ACCEPT
iptables -A OUTPUT  -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

and saved the iptables rules and restarted the service:

iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart

I can see that port 27017 is added to the iptables list, but it still does not work at all. I think opening port 27017 may not have succeeded. What should I do? I'm new to Linux servers. By the way, my Linux server PC is offline, so it can't use "yum" commands. Please give me a detailed solution. Thanks so much.

  • Firewall? Check iptables -L -n | grep 27017. If nothing is returned, you need to open the according port. Commented Jan 11, 2016 at 4:10
  • Are you able to ping 192.168.2.24? ping 192.168.2.24 or telnet the machine? As pointed out by Mahlberg, it could be a firewall issue as well. Commented Jan 11, 2016 at 5:48
  • @harshavmb I have tried to ping it, and it worked. Commented Jan 11, 2016 at 6:27
  • @MarkusWMahlberg Yeah, nothing is returned. What should I do? Please give me more detail, thanks. Commented Jan 11, 2016 at 6:28

1 Answer

It seems like the firewall is not configured correctly.

Disclaimer: Fiddling with firewall settings has security implications. DO NOT USE THE FOLLOWING PROCEDURE ON PRODUCTION SYSTEMS UNLESS YOU KNOW WHAT YOU ARE DOING!!! If in the slightest doubt, get back to a sysadmin or DBA.

The problem

Put simply, a firewall limits the access to services like MongoDB running on the protected machine by unauthorized parties.

CentOS only allows access to ssh by default. We need to configure the firewall so that you can access the MongoDB service.

The solution

We will install a small tool provided by CentOS < 7 (version 7 provides different means), which simplifies the use of iptables, which in turn configures netfilter, the framework of the Linux kernel allowing manipulation of network packets – thus providing firewall functionality (amongst other cool things).

Then, we will use said tool to configure the firewall functionality so that MongoDB is accessible from everywhere. I can't give you a more secure configuration, since I do not know your network setup. Again, use this procedure on production systems at your own risk. You have been warned!

Installation of system-config-firewall-tui

First, you have to log into your CentOS box as root, which allows installing and uninstalling packages and changing system-wide configurations.

Then, you need to issue (the dollar sign denotes the shell prompt)

$ yum -y install system-config-firewall-tui

The result should look something like this

[Screenshot: result of "yum -y install system-config-firewall-tui"]

Configuration of the firewall

Next, you need to start the tool we just installed

$ system-config-firewall-tui

which will create a small command line GUI:

[Screenshot: main screen of "system-config-firewall-tui"]

Do not simply disable the firewall!

Press Tab or →| respectively, until the "Customize" button is highlighted. Now press . In the next screen, highlight "Forward" and press . You now should be in a screen called "Other Ports",

[Screenshot: system-config-firewall-tui's "Other Ports" screen]

in which you highlight "Add" and press. This brings you to a screen "Port and Protocol" which you fill like shown below

[Screenshot: necessary configuration for MongoDB in the "Port and Protocol" screen]

The configuration explained: MongoDB uses TCP for communicating with the clients and it listens on port 27017 by default for a standalone instance. Note that you might need to change the port according to the referenced list in case you do not run a standalone instance or replica set.

The next step is to highlight "OK" and press , which will seemingly clear the inputs. However, the configuration we just made is saved. So we will press "Cancel" and return to the "Other Ports" screen, which should now look like this:

[Screenshot: updated "Other Ports" screen]

Now, we press "Close" and return to the main screen of "system-config-firewall-tui". Here, we press "Ok" and the tool asks you if you really want to apply the changes you just made. Take the time to really think about that. ;)

Pressing "Yes" will now modify the firewall rules executed by the Linux kernel.

We can verify that by issuing

$ iptables -L -n | grep 27017

which should result in the output below:

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:27017

Now you should be able to connect to your MongoDB server.

3 Comments

Hi, my Linux server PC is offline, so I can't use the yum command. I tried to add the port to iptables, but it didn't work at all. I will update my problem description. And thanks for your detailed answer.
@v11: how can it be offline when you want to access it via network? How will you do updates?
Just via the local area network. It cannot access the Internet.
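
An added example, not part of the original question or answer: iptables evaluates a chain top to bottom, so a rule appended with `iptables -A` lands after any catch-all REJECT already in INPUT and can show up in `iptables -L -n | grep 27017` without ever matching. The function below reads rules in `iptables -S INPUT` format and reports whether the port's ACCEPT rule is absent, shadowed, or open (to any source or to a restricted one); the sample chain is constructed and assumed to be laid out like a stock CentOS 6 INPUT chain.

```shell
#!/bin/sh
# Classify how an INPUT chain treats one TCP port. Reads rules in the
# `iptables -S INPUT` format on stdin and prints one of:
#   absent | shadowed | open-any | open-restricted
# Only plain "--dport N" rules are recognised (no multiport or ranges).
check_port_rule() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        { n++ }
        # No match options before -j: the rule applies to every packet.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") {
            if (!catchall) catchall = n
            next
        }
        $0 ~ / -p tcp / && $0 ~ / -j ACCEPT( |$)/ &&
        $0 ~ (" --dport " port "( |$)") {
            if (accept) next
            accept = n
            # A -s option other than 0.0.0.0/0 limits who may connect.
            src = ($0 ~ / -s / && $0 !~ / -s 0\.0\.0\.0\/0 /) ? "restricted" : "any"
        }
        END {
            if (!accept) print "absent"
            else if (catchall && catchall < accept) print "shadowed"
            else print "open-" src
        }'
}

# Constructed sample: default-style chain with the port rule appended via -A.
APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 27017 -j ACCEPT'

printf '%s\n' "$APPENDED" | check_port_rule 27017   # prints: shadowed
```

On the server itself, run `iptables -S INPUT | check_port_rule 27017`. A result of `open-any` corresponds to the 0.0.0.0/0 rule shown in the answer's output, while a rule that carries `-s` with the LAN range reports `open-restricted`.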
