Something is filtering port 27017 even when the firewall is not working

skat asked:

Good day,

I’m trying to move a MongoDB database to a separate VPS from the application, but the VPS was pre-configured, not by me.
I have an instance with mongodb running on port 27017:

COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mongod  2073 mongodb   11u  IPv4   6155      0t0  TCP localhost:27017 (LISTEN)

I have configured the ufw firewall to open up 27017 for anyone (for now):

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
27017/tcp                  ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere (v6)
27017/tcp                  ALLOW IN    Anywhere (v6)

Anywhere                   ALLOW OUT   27017/tcp
Anywhere (v6)              ALLOW OUT   27017/tcp

But the funny thing is, when I do ‘nmap -p 27017 –IP–’ it shows me this:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

If I run ‘nmap -p 27017 –IP– -Pn’:

PORT      STATE  SERVICE
27017/tcp closed unknown

And of course I can’t connect to mongodb with tcp 27017, but I can connect with ssh or through ssh. If I shut down the firewall (with ufw disable), the state of the port changes to filtered and I’m still unable to use it.

It appears that a secondary firewall is managing port 27017, but I’m failing to find how to turn it off. I’m puzzled; does anyone have any tips?

Here is the full list of iptables rules:
https://gist.github.com/skatkov/b0d1173de5f319f2872d

My answer:


Your output plainly shows that mongod is only listening on localhost. If you want to make remote connections to it, you must tell it to listen to connections from remote hosts.

In mongodb.conf you have:

bind_ip = 127.0.0.1

Remove this or change it to something more appropriate.
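
A check for the condition the answer identifies, added here as an example and not part of the original question or answer: it classifies the bind address of a port from `lsof -nP -iTCP -sTCP:LISTEN` style output. The function name `classify_listener` and the second sample (including the address 10.0.0.5) are constructed for illustration.

```bash
#!/usr/bin/env bash
# classify_listener PORT
# Reads `lsof -nP -iTCP -sTCP:LISTEN` style output on stdin and prints where
# PORT is bound: not-listening, loopback-only, all-interfaces or specific:<addrs>.
classify_listener() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {                 # skips the header line
            name = $(NF - 1)                # NAME column, e.g. 127.0.0.1:27017
            n = split(name, parts, ":")
            if (parts[n] != port) next
            # Everything before the last ":" is the bind address.
            addr = substr(name, 1, length(name) - length(parts[n]) - 1)
            seen = 1
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
                any = 1
            else if (addr != "localhost" && addr !~ /^127\./ && addr != "[::1]")
                other = other (other ? "," : "") addr
        }
        END {
            if (!seen)      print "not-listening"
            else if (any)   print "all-interfaces"
            else if (other) print "specific:" other
            else            print "loopback-only"
        }'
}

# The lsof output quoted in the question.
PAGE_SAMPLE='COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mongod  2073 mongodb   11u  IPv4   6155      0t0  TCP localhost:27017 (LISTEN)'

# Constructed sample: sshd on all interfaces, mongod on loopback plus one
# additional address (assumed values, not from the page).
CONSTRUCTED_SAMPLE='COMMAND  PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     801    root    3u  IPv4   5101      0t0  TCP *:22 (LISTEN)
mongod  2073 mongodb   11u  IPv4   6155      0t0  TCP 127.0.0.1:27017 (LISTEN)
mongod  2073 mongodb   12u  IPv4   6156      0t0  TCP 10.0.0.5:27017 (LISTEN)'

printf '%s\n' "$PAGE_SAMPLE"        | classify_listener 27017  # loopback-only
printf '%s\n' "$CONSTRUCTED_SAMPLE" | classify_listener 27017  # specific:10.0.0.5
printf '%s\n' "$CONSTRUCTED_SAMPLE" | classify_listener 22     # all-interfaces
```

A `loopback-only` result means no firewall change will make the port reachable from another host; the listener's bind address has to change first.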


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.