Below is what I did to open the firewall port on
[root@vultr ~]# sudo firewall-cmd --zone=public --add-port=27012/tcp --permanent
Warning: ALREADY_ENABLED: 27012:tcp
success
[root@vultr ~]# sudo firewall-cmd --reload
success
[root@vultr ~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh http https
ports: 80/tcp 27012/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@vultr ~]# uname -a
Linux vultr.guest 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
When I telnet to the server's IP:Port it fails
telnet 45.76.142.202 27012
Connecting To 45.76.142.202...Could not open connection to the host, on port 27012: Connect failed
It however does connect to port 80
telnet 45.76.142.202 80
Can you please help me get firewall port 27012 to connect externally just the way port 80 is connecting?
Neo
December 15, 2018, 6:34am
2
Maybe post the output of:
firewall-cmd --list-all-zones
or use a similar command to dump the entire rule set?
[root@vultr ~]# firewall-cmd --list-all-zones
block
target: %%REJECT%%
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
dmz
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
drop
target: DROP
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
external
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh
ports:
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
home
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh mdns samba-client dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
internal
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh mdns samba-client dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh http https
ports: 27017/tcp 80/tcp 27012/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
trusted
target: ACCEPT
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
work
target: default
icmp-block-inversion: no
interfaces:
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Neo
December 15, 2018, 6:54am
4
What process is running on port 27012 on your server?
Neo
December 15, 2018, 7:43am
6
You changed from the default ports, right?
The following table lists the default TCP ports used by MongoDB:
Default Port - Description
27017 - The default port for mongod and mongos instances. You can change this port with port or --port.
27018 - The default port for mongod when running with the --shardsvr command-line option or the shardsvr value for the clusterRole setting in a configuration file.
27019 - The default port for mongod when running with the --configsvr command-line option or the configsvr value for the clusterRole setting in a configuration file.
Anyway, if you are running a DB on this port, normally sys admins only bind the DB to localhost or 127.0.0.1 for security reasons.
Do something like netstat -an | grep 27012 and post the output. Thanks.
Neo
December 15, 2018, 7:49am
7
Per my note above, you need to check to see if your DB is bound to localhost or to your IP address.
If it is bound to localhost (127.0.0.1) you will not be able to telnet to that port using the IP address you were using.
Check your config for:
bind_ip: 127.0.0.1
netstat -an | grep 27017
tcp 0 0 127.0.0.1:27012 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 6534678 /tmp/mongodb-27012.sock
Neo
December 15, 2018, 8:46am
9
Yes that is why you cannot telnet to that port from the IP address you provided.
Your DB is bound to 127.0.0.1, as mentioned.
Neo helped resolve the issue. Changing MongoDB port to 0.0.0.0 and restarting works fine.
Neo
December 15, 2018, 10:33pm
11
Thanks for the update.
I do not advise binding your DB to 0.0.0.0 or your server's IP address because this can open up your DB to outside attackers.
Normally, web admins bind the DB to the localhost so only processes which originate on the localhost can access the DB, for security reasons.
In other words, for security reasons, you should design your system so you do not need to telnet or otherwise remotely connect to your DB.
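As an added example (not code from this thread, nor from firewalld or MongoDB), the POSIX shell script below reproduces Neo's diagnosis from posts 7 and 9 and the bind-address audit behind post 11 offline: it reads a firewall-cmd --list-all zone dump and netstat -an lines in the formats quoted above, reports whether a port is open in the firewall and whether its listener is loopback-only, and checks a mongod.conf for a bindIp / bind_ip / bindIpAll setting that exposes the database. The function names (fw_port_state, listen_scope, bind_scope, diagnose) and the sample dumps are my own constructions that mirror the thread's output.

```shell
#!/bin/sh
# Added example, not code from the thread. Offline diagnosis of the situation
# discussed above: firewalld lists a port as open, but the service behind it is
# bound to 127.0.0.1, so external connects fail. Assumed input formats:
# "firewall-cmd --list-all" zone dump and "netstat -an" lines as quoted in the
# thread, and a mongod.conf (YAML "bindIp:"/"bindIpAll:" or legacy "bind_ip =").
# Function names and all sample data below are constructed, not from the page.

# open|closed: is PORT/tcp a whole token on a "ports:" line of the zone dump on stdin?
fw_port_state() {
    if grep -Eq "^ *ports:( |.* )$1/tcp( |$)"; then echo open; else echo closed; fi
}

# none|loopback|external: who listens on PORT, judging from "netstat -an" on stdin.
# "external" means at least one listener is on 0.0.0.0, :: or an interface address.
listen_scope() {
    awk -v port="$1" '
        BEGIN { loop = 0; ext = 0 }
        $NF == "LISTEN" {
            laddr = $4                        # local address, e.g. 127.0.0.1:27012 or :::22
            n = split(laddr, p, ":")
            if (p[n] != port) next
            addr = substr(laddr, 1, length(laddr) - length(p[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1") loop++; else ext++
        }
        END { print (ext > 0 ? "external" : (loop > 0 ? "loopback" : "none")) }'
}

# unset|loopback|exposed: what does the mongod config on stdin bind to?
# Since MongoDB 3.6 an unset bindIp means localhost only; older binaries bound all interfaces.
bind_scope() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*bindIpAll[ \t]*:[ \t]*true/ { state = "exposed" }
        /^[ \t]*(bindIp|bind_ip)[ \t]*[:=]/ {
            sub(/^[ \t]*(bindIp|bind_ip)[ \t]*[:=][ \t]*/, "")    # keep only the value
            sub(/[ \t]*(#.*)?$/, "")                               # drop a trailing comment
            n = split($0, a, /[ \t]*,[ \t]*/)
            state = "loopback"
            for (i = 1; i <= n; i++)
                if (a[i] != "127.0.0.1" && a[i] != "::1" && a[i] != "localhost") state = "exposed"
        }
        END { print state }'
}

# Combine the firewall view and the socket view for one port into a verdict line.
diagnose() {
    fw=$(printf '%s\n' "$2" | fw_port_state "$1")
    sock=$(printf '%s\n' "$3" | listen_scope "$1")
    case "$fw/$sock" in
        open/external) echo "$1/tcp: reachable from outside (firewall open, listener on a non-loopback address)" ;;
        open/loopback) echo "$1/tcp: firewall open but the listener is bound to loopback only; remote connects fail" ;;
        open/none)     echo "$1/tcp: firewall open but nothing is listening" ;;
        *)             echo "$1/tcp: blocked by the firewall (listener: $sock)" ;;
    esac
}

# Constructed samples mirroring the thread: public zone with 27012/tcp open,
# mongod on 127.0.0.1:27012, a web server on 0.0.0.0:80.
FW_DUMP='public
  target: default
  services: dhcpv6-client ssh http https
  ports: 27017/tcp 80/tcp 27012/tcp'
NETSTAT_DUMP='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:27012         0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'
MONGO_CONF_RISKY='net:
  port: 27012
  bindIp: 0.0.0.0'
MONGO_CONF_SAFE='net:
  port: 27012
  bindIp: 127.0.0.1'

diagnose 27012 "$FW_DUMP" "$NETSTAT_DUMP"
diagnose 80 "$FW_DUMP" "$NETSTAT_DUMP"
printf 'risky config binds: %s\n' "$(printf '%s\n' "$MONGO_CONF_RISKY" | bind_scope)"
printf 'safe config binds: %s\n'  "$(printf '%s\n' "$MONGO_CONF_SAFE"  | bind_scope)"
```

On a live host the same functions take real input: `firewall-cmd --list-all | fw_port_state 27012`, `netstat -an | listen_scope 27012` and `bind_scope < /etc/mongod.conf`. The "open/loopback" verdict is exactly the thread's case: the firewall rule is correct and the fix belongs in the application's bind address, and, as post 11 says, the safer fix is to keep the bind on 127.0.0.1 and connect to the database from a process on the same host rather than to expose it.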