Question

Private IP and Firewall Whitelist

I need to have my main database behind a DigitalOcean firewall but allow access to it from other servers on the same cluster, preferably via a private IP… however, when I put the database I want behind the firewall the other servers can’t reach it.

I have 100% added the private IPs to the firewall whitelist, I have also tried using just the standard IPs but still get the same issue.

Am I trying to do something which is not possible?


alexdo
Site Moderator
October 31, 2023

Heya,

  1. Double-check the firewall rules to ensure you’ve allowed the necessary traffic. Ensure that you’ve allowed incoming traffic from the private IP addresses of the other servers on the same cluster.

  2. Droplet Networking: Make sure that all the servers, including the database server and the other servers on the cluster, are on the same private network or VPC. In DigitalOcean, private IPs should work for communication within the same data center and the same VPC.

  3. Database Configuration: Check the database server’s configuration to ensure it’s listening on the private network interface and not just the public one. The database may be configured to listen on localhost (127.0.0.1) or a specific IP address, which could prevent it from accepting connections from private IPs.

  4. Security Groups or Additional Firewalls: If you are using additional security groups or firewalls at the server level, double-check that these are not blocking the incoming connections. Make sure the private IP addresses are also allowed there.

All rules are processed in the order they are defined. Ensure that there are no conflicting rules that may deny the connection before it reaches the allow rule for your private IP addresses.

You can use tools like ping and telnet to diagnose connectivity issues. For example, try to ping the private IP of the database server from one of the other servers to see if there are any network issues.

Hope that this helps!
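An added example, not part of the question or alexdo's answer: a small shell helper for step 3 of the answer that reads `ss -ltn` output on the database Droplet and reports whether a port is bound to loopback only, to a private (RFC 1918) address, or to all interfaces, plus a client-side TCP reachability check for the "telnet" test in step 5. It assumes `ss`, `awk`, `bash` and `timeout` are installed; the sample `ss` lines, addresses and ports below are constructed.

```shell
# Constructed sample of `ss -ltn` output from a database Droplet, for demonstration.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:3306        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*
LISTEN 0      4096       10.10.0.5:5432        0.0.0.0:*'

# listen_scope <port> [ss-output]
# Prints: loopback-only | private | public | private+public | all | none
# If no ss output is supplied, the live `ss -ltn` of this host is parsed.
listen_scope() {
  port="$1"
  input="${2:-$(ss -ltn 2>/dev/null)}"
  printf '%s\n' "$input" | awk -v port="$port" '
    NR > 1 {
      addr = $4                                  # "Local Address:Port" column
      i = length(addr)
      while (i > 0 && substr(addr, i, 1) != ":") i--   # split on the last colon
      if (substr(addr, i + 1) != port) next
      a = substr(addr, 1, i - 1)
      if (a ~ /^127\./ || a == "[::1]") loop = 1
      else if (a == "0.0.0.0" || a == "*" || a == "[::]") any = 1
      else if (a ~ /^10\./ || a ~ /^192\.168\./ || a ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) priv = 1
      else pub = 1
    }
    END {
      if (any) print "all"
      else if (priv && pub) print "private+public"
      else if (priv) print "private"
      else if (pub) print "public"
      else if (loop) print "loopback-only"
      else print "none"
    }'
}

# tcp_reachable <host> <port>: exit 0 when a TCP connect succeeds within 3 seconds.
# Run this from another Droplet against the database's private IP; a timeout points at
# the firewall, an immediate refusal points at the listen address on the database host.
tcp_reachable() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Example with the constructed sample (on a real host, omit the second argument):
case "$(listen_scope 3306 "$SAMPLE_SS_OUTPUT")" in
  loopback-only) echo "port 3306 is bound to 127.0.0.1 only; other Droplets cannot reach it even with a correct firewall rule" ;;
  all|private*)  echo "port 3306 is reachable on the private network; check the firewall next" ;;
  none)          echo "nothing is listening on port 3306" ;;
esac
```

A `loopback-only` result means the fix is in the database's own bind/listen setting rather than in the DigitalOcean firewall.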
