linux
Vitaly, 2019-03-14 20:31:54

How to allow connections to MongoDB from certain IPs?

All the best!
I'm trying to allow remote connections to MongoDB via iptables on debian 9, but somehow without success :(
I'm doing this for the first time, and I can't figure out what's wrong, please help.
Mongo is running on port 27017; at first I allowed connections in both directions:

iptables -A INPUT -s MYIP_RANGE.0/24 -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -d MYIP_RANGE.0/24 -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

And denied access to everyone else:
iptables -A INPUT -p tcp --destination-port 27017 -j DROP

Here is the output of iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  MYIP_RANGE.0/24     anywhere             tcp dpt:27017 state NEW,ESTABLISHED
DROP       tcp  --  anywhere             anywhere             tcp dpt:27017

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             MYIP_RANGE.0/24     tcp spt:27017 state ESTABLISHED

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

As a result, the blocking does not work, tell me please, what is wrong?

1 answer
Dmitry, 2019-03-15
@q2digger

Judging by the Docker chains, is MongoDB running in Docker?
Use the DOCKER-USER chain, like this:
iptables -I DOCKER-USER 1 -i eth0 -s your-network/24 -p tcp -m conntrack --ctorigdstport 27017 -j ACCEPT
iptables -I DOCKER-USER 2 -i eth0 -p tcp -m conntrack --ctorigdstport 27017 -j DROP
I insert them at positions 1 and 2 so that the last rule in the chain (RETURN) stays last; substitute your own network interface name too.
Manual with examples:
https://docs.docker.com/network/iptables/
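The DOCKER-USER approach from the answer above, as an added example that is not code from the thread or from Docker's documentation: a small shell script with one function that prints the two rules for a given interface, network and port (insert at positions 1 and 2, so Docker's trailing RETURN stays last), and a second function that reads an `iptables -S DOCKER-USER` listing and confirms that the ACCEPT and the DROP both precede RETURN. Rules added with `-A` land after RETURN and are never evaluated, which is the failure mode the check catches. The interface eth0, the network 203.0.113.0/24 and the two sample listings are constructed values.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed values: interface
# eth0, trusted network 203.0.113.0/24, MongoDB port 27017.
#
# Docker-published ports are DNATed before routing, so their packets traverse
# FORWARD (and thus DOCKER-USER), not INPUT. A rule in DOCKER-USER only matters
# if it sits before Docker's own trailing RETURN.

# mongo_docker_user_rules IFACE NET PORT
# Prints, in application order, the two commands that allow NET and drop every
# other source for the published PORT arriving on IFACE. Run them as root
# (e.g. pipe the output to sh).
mongo_docker_user_rules() {
  iface="$1"; net="$2"; port="$3"
  printf '%s\n' \
    "iptables -I DOCKER-USER 1 -i $iface -s $net -p tcp -m conntrack --ctorigdstport $port -j ACCEPT" \
    "iptables -I DOCKER-USER 2 -i $iface -p tcp -m conntrack --ctorigdstport $port -j DROP"
}

# check_docker_user_order PORT
# Reads an `iptables -S DOCKER-USER` listing on stdin. Returns 0 only when an
# ACCEPT for PORT comes before a DROP for PORT and both come before RETURN.
check_docker_user_order() {
  port="$1"; n=0; accept_pos=""; drop_pos=""; return_pos=""
  while IFS= read -r line; do
    case "$line" in
      -N*|-P*) continue ;;   # chain declaration / policy lines carry no position
    esac
    n=$((n + 1))
    case "$line" in
      *"--ctorigdstport $port "*"-j ACCEPT")
        if [ -z "$accept_pos" ]; then accept_pos=$n; fi ;;
      *"--ctorigdstport $port "*"-j DROP")
        if [ -z "$drop_pos" ]; then drop_pos=$n; fi ;;
      *"-j RETURN")
        if [ -z "$return_pos" ]; then return_pos=$n; fi ;;
    esac
  done
  [ -n "$accept_pos" ] && [ -n "$drop_pos" ] && [ -n "$return_pos" ] &&
    [ "$accept_pos" -lt "$drop_pos" ] && [ "$drop_pos" -lt "$return_pos" ]
}

# Demo: print the rules, then verify two constructed listings.
echo "# rules to apply as root:"
mongo_docker_user_rules eth0 203.0.113.0/24 27017

# Constructed listing after inserting with -I 1 / -I 2 (correct order).
good='-N DOCKER-USER
-A DOCKER-USER -s 203.0.113.0/24 -i eth0 -p tcp -m conntrack --ctorigdstport 27017 -j ACCEPT
-A DOCKER-USER -i eth0 -p tcp -m conntrack --ctorigdstport 27017 -j DROP
-A DOCKER-USER -j RETURN'
# Constructed listing after appending with -A (rules end up behind RETURN).
bad='-N DOCKER-USER
-A DOCKER-USER -j RETURN
-A DOCKER-USER -s 203.0.113.0/24 -i eth0 -p tcp -m conntrack --ctorigdstport 27017 -j ACCEPT
-A DOCKER-USER -i eth0 -p tcp -m conntrack --ctorigdstport 27017 -j DROP'
for name in good bad; do
  eval "listing=\$$name"
  if printf '%s\n' "$listing" | check_docker_user_order 27017; then
    echo "$name listing: DOCKER-USER order OK"
  else
    echo "$name listing: rules sit after RETURN and will never match"
  fi
done
```

On a live host, feed the check with `iptables -S DOCKER-USER | check_docker_user_order 27017`; `iptables -L DOCKER-USER --line-numbers` shows the same positions in the format the question quotes. The match uses `--ctorigdstport` rather than `--dport` because by the time the packet reaches FORWARD the destination port has already been rewritten by Docker's DNAT.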
