Config Server Firewall

Allow Remote Connections to MongoDB in Ubuntu/CentOS/Windows

In this tutorial, we will see how to use bindIp option to allow remote access to the MongoDB Server or listen to a specific network interface.

By default mongod process binds to 127.0.0.1 loopback interface in Linux (in /etc/mongod.conf), which means no remote access to the database server. In windows the mongod process binds to all interfaces unless you have set the bindIp option in the main configuration file.

Also, when connecting to the mongo shell, mongo attempts  to  connect to a MongoDB process running on the localhost (127.0.0.1). If mongod process listen on a different IP, you need to use --host option.

mongo --host 192.168.1.100

Allow Remote Connections in Linux / Ubuntu / CentOS

In Linux, including Ubuntu and CentOS 7, bindIp is by default is set to 127.0.0.1 in /etc/mongod.conf. This means mongod process only listen on the local loopback interface.

If you set value of the bindIp to 0.0.0.0 or remove the bindIp option, mongod process will listen on all interfaces.

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0

Or we can bind mongod process to a specific IP Address:

net:
  port: 27017
  bindIp: 192.168.1.100

To bind to multiple IP addresses, enter a list of comma separated IP addresses:

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1,192.168.1.100

Allow MongoDB Remote Connections from Firewall

Your firewall may still block remote access to mongodb server. To allow access you need to open TCP port 27017 from your firewall settings.

For example, CentOS 7 by default use the firewalld.

sudo firewall-cmd --permanent --add-port=27017/tcp
sudo firewall-cmd --reload

Allow Remote Connections on Windows

For the windows it is the same configuration as Linux. If bindIp option does not exist in the config file, then mongod process binds to all interfaces on TCP port 27017.

Or we can add one or more IP addresses to the mongod.cfg file.

net:
  port: 27017
  bindIp: 127.0.0.1,192.168.1.102

From the windows firewall, you need to add an inbound rule to open TCP port 27017 to allow remote access.

mongodb allow remote connections

If you are using MongoDB for development or you are running MongoDB database on the same server as your application, you probably do not want to expose MongoDB to the outside the local network.