My mongo server on Digital Ocean (DO) appears to be accepting connections correctly, but my PC does not see the IP & port as open with an nmap. The server is receiving connections without issues from a different server on DO.

What is especially odd is that this was working perfectly fine and suddenly stopped.

There is a small possibility that this is interfering - I set up port forwarding and DynDNS with my router. “Small possibility” because I’m 85% sure I had this issue before setup of port forwarding & ddns. I thought it was just the changing of my local ip address and I would just need to add it to the mongo server ufw again.

On the Mongo Server

ufw status

root@mongo:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
27017                      ALLOW       [-- other server ip address that works --]          
27017                      ALLOW       [-- local machine ip address --]           
OpenSSH                    ALLOW       Anywhere                  
27017                      ALLOW       Anywhere                  
27017                      ALLOW       [-- local public ip address --]              
22/tcp (v6)                LIMIT       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
27017 (v6)                 ALLOW       Anywhere (v6)   

nmap

root@mongo:~# nmap [-- mongo server ip address --] -p 27017

Starting Nmap 7.60 ( https://nmap.org ) at 2020-08-05 17:32 UTC
Nmap scan report for mongo ([-- mongo server ip address --])
Host is up (0.000036s latency).

PORT      STATE SERVICE
27017/tcp open  mongod

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

netstat -plnt

root@mongo:~# netstat -plnt 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      694/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      924/sshd            
tcp        0      0 [mongo ip]:27017        0.0.0.0:*               LISTEN      2040/mongod         
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2040/mongod         
tcp6       0      0 :::22                   :::*                    LISTEN      924/sshd       

On my Local PC

myusername@mb ~ % nmap [-- mongo server ip address --] -p 27017
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-05 13:30 EDT
Nmap scan report for [-- mongo server ip address --]
Host is up (0.024s latency).

PORT      STATE    SERVICE
27017/tcp filtered mongod

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

There is something going on in between these machines that I haven’t caught. I need this to CRUD my production database locally.

Things I’ve tried:

  1. Removing and adding back the ip address from ufw
  2. Making 27017 allowed from anywhere (as seen above; previously restricted to only specific ips)
  3. Listening for connections on 27017 with nc localhost 27017 (have not heard anything)
  4. ufw disable - still returns filtered on local PC.
  5. Disabled the DynDNS
  6. Added 27017 to my router’s firewall.
  7. Testing nmap through a VPN

None of these have worked.

1 answer

Hi there @autoencoder,

I believe the problem is that MongoDB is bound on 127.0.0.1:27017, this means that it only accepts connections from the localhost.

You need to change that and bind it on 0.0.0.0:27017, that way it will be open to the world and you will be able to access it from your PC.

To do so, edit the mongod.conf file and change the bindIp from 127.0.0.1 to 0.0.0.0 and then restart the MongoDB service.

For more information you can follow this step by step guide here:

https://www.digitalocean.com/community/tutorials/how-to-configure-remote-access-for-mongodb-on-ubuntu-20-04

Hope that this helps!
Regards,
Bobby

by Mark Drake
This tutorial walks you through configuring a MongoDB installation to securely allow access from a trusted remote computer. This will involve updating your firewall rules to provide the remote server access to MongoDB's default port and changing Mongo's configuration file to update its IP binding setting.
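
An added example, not part of the original question or answer: a Python check that reads the two server-side outputs shown in the question (`netstat -plnt` and `ufw status`) and reports whether the host itself would admit a given client on 27017, and whether the port is left open to any source. The sample text is constructed with documentation-range placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample output modelled on the question; the addresses are
# documentation-range placeholders, not values from the page.
NETSTAT = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      924/sshd
tcp        0      0 203.0.113.10:27017      0.0.0.0:*               LISTEN      2040/mongod
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2040/mongod
"""
UFW = """\
22/tcp                     LIMIT       Anywhere
27017                      ALLOW       198.51.100.7
27017                      ALLOW       Anywhere
27017 (v6)                 ALLOW       Anywhere (v6)
"""
LOOPBACK = ("127.0.0.1", "::1")

def listen_addrs(netstat_text, port):
    """Local addresses with a LISTEN socket on `port` (netstat -plnt format)."""
    addrs = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[5] == "LISTEN" and f[3].rpartition(":")[2] == str(port):
            addrs.append(f[3].rpartition(":")[0])
    return addrs

def ufw_sources(ufw_text, port):
    """Source column of every ALLOW rule for `port` (ufw status format)."""
    rule = re.compile(r"^(\S+)(?: \(v6\))?[ \t]+ALLOW[ \t]+(.+?)[ \t]*$", re.M)
    return [src for p, src in rule.findall(ufw_text) if p.split("/")[0] == str(port)]

def diagnose(netstat_text, ufw_text, port, client_ip):
    """Findings about whether the host's own config admits client_ip on port."""
    addrs = listen_addrs(netstat_text, port)
    sources = ufw_sources(ufw_text, port)
    open_to_all = any(s.startswith("Anywhere") for s in sources)
    findings = []
    if all(a in LOOPBACK for a in addrs):
        findings.append("no non-loopback listener")
    if client_ip not in sources and not open_to_all:
        findings.append("client not allowed by ufw")
    if not findings:
        findings.append("host permits client; look upstream of the host")
    if open_to_all:
        findings.append("ufw allows any source; restrict to trusted IPs")
    return findings
```
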