I'm running a replica set on 3 Windows Server 2012 R2 machines in my VPN.
The servers' IPs are: 192.168.1.1, 192.168.1.2, 192.168.1.3.
MongoDB version: 3.4.2
I want to limit access to the MongoDB servers to only the servers that are part of the replica set, so
on each server I'm running MongoDB with this bind_ip configuration (let's say we are on the 192.168.1.1 server):
    net:
      bindIp: [127.0.0.1,192.168.1.2,192.168.1.3]
I can connect to my replica and everything is working as expected.
Today, I upgraded my server to MongoDB version 3.4.10.
I have two main issues:
- bindIp accepts only a CSV string and not an array, so I changed the configuration to 127.0.0.1,192.168.1.2,192.168.1.3 (breaking change)
- My MongoDB server will not start, failing with the following error: [initandlisten] listen(): bind() failed The requested address is not valid in its context. for socket: 192.168.1.3:27018
The only way to get my replica set back up and running is to change the bind_ip to 0.0.0.0 on all of my servers, which is a security problem.
So my question is: on version 3.4.10, how do I configure MongoDB (and the replica set) so that access is available only from the participating servers?
Is there a bug here?
Best Answer
The net.bindIp configuration value only determines which IP addresses your MongoDB server is listening to. It does not control access from remote IPs -- that is the role of a firewall. You will need to configure the firewall on your servers to allow communication between all members of your replica set as well as your client applications.

For a starting point on Windows, see: Configure Windows netsh Firewall for MongoDB.

Given your description, the correct bindIp value to use for this server to listen to both localhost and the private IP of 192.168.1.1 would be 127.0.0.1,192.168.1.1. You cannot bind to IP addresses which are not associated with network interfaces on the local server, which is why you get the error "The requested address is not valid in its context" when trying to include remote IPs.

For more information on securing your deployment, see MongoDB Security Checklist.
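
The split this answer describes (bindIp lists local addresses, the firewall restricts who may connect), as an added PowerShell example that is not part of the original answer. It assumes Windows Firewall with the NetSecurity cmdlets, port 27018 as shown in the question's error message, and a hypothetical rule name; client application hosts, if any, would need to be added to the peer list.

```powershell
# Added example: run in an elevated PowerShell session on each replica set member.
# Values below are for 192.168.1.1; swap $LocalIp and $Peers on the other two servers.
# Matching mongod.cfg on this server (local addresses only):
#   net:
#     port: 27018
#     bindIp: 127.0.0.1,192.168.1.1
$LocalIp  = '192.168.1.1'
$Peers    = @('192.168.1.2', '192.168.1.3')   # other members; add client app hosts if any
$Port     = 27018                              # port from the error message in the question
$RuleName = 'MongoDB replica set peers'        # hypothetical rule name

# 1. bindIp may only list addresses assigned to this machine; a remote address
#    is what makes bind() fail with "not valid in its context".
$assigned = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
if ($assigned -notcontains $LocalIp) {
    throw "$LocalIp is not assigned to a local interface; mongod cannot bind to it."
}

# 2. An allow rule only restricts access if unmatched inbound traffic is blocked.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile $($_.Name): firewall off or default inbound is Allow." }

# 3. Replace any earlier copy of the rule, then allow the port from peers only.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $Port -LocalAddress $LocalIp -RemoteAddress $Peers |
    Out-Null

# 4. List other enabled inbound allow rules that name this port explicitly;
#    any of them would widen access beyond the peers above.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$Port" } |
    Select-Object DisplayName, Profile
```

Step 4 prints nothing when the peer rule is the only one opening the port; rules scoped to a program or to all ports are not covered by that check and need a separate review.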