MongoDB server 6 on CentOS: Can't add IP bind address

benoit_pont · 2022-12-30T08:14:25.997Z

Hello,

I’ve got an error while trying to bing IP with the config file.

The server (19.0.18.100 on CentOS 7) and client (19.0.18.101) are WM on the same subnetwork.

The config file was auto created by mongoDB installation, all work except when I change the IP binding line:

No problem with:

net:
  port: 27017
  bindIp: "127.0.0.1" #  bindIpAll: true work well too

With BindIpAll I can reach the server with the client.

Fail with:

net:
  port: 27017
  bindIp: "127.0.0.1, 19.0.18.101"

  Process: 28566 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=48)
  Process: 28563 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 28561 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 28559 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
 Main PID: 27861 (code=exited, status=0/SUCCESS)

I’ve read other post with some IP binding problem which talk about network config.
If need, here ifconfig -a | grep “inet”:

        inet 19.0.18.100  netmask 255.255.255.0  broadcast 19.0.18.255
        inet 127.0.0.1  netmask 255.0.0.0

I really appreciate some help.

Have a good Day

Benoit

Ramachandra_Tummala · 2022-12-30T13:40:43.992Z

Are you using correct IP?
What error you see in the mongod.log
Use server IP instead of client IP you added

steevej · 2022-12-30T14:01:23.136Z

Ramachandra_Tummala:

Use server IP instead of client IP you added

The above is the solution. You wrote

benoit_pont:

The server (19.0.18.100 on CentOS 7)

and you try to bind with

benoit_pont:

bindIp: "127.0.0.1, 19.0.18.101"

which is the

benoit_pont:

client (19.0.18.101)

benoit_pont · 2023-01-02T08:09:42.200Z

Hello,

Thanks a lot for the answers.

I thought that bindIp is to autorize the client IP (external) to connect to the MongoDB server. My MongoDB server is on the 19.0.18.100 and my client is on 19.0.18.101.
So I autorize to connect locally plus an external client (19.0.18.101).

Could you explain me why autorizing the mongoDB server IP (19.0.18.100) will autorize an external connection for a client (19.0.18.101)?

Should I bind: 127.0.0.1, 19.0.18.100 and 19.0.18.101 ?

Thanks

steevej · 2023-01-02T14:44:24.479Z

You are misunderstanding the meaning of bindIp.

To restrict access based on IP you have to setup a firewall.

benoit_pont · 2023-01-02T14:57:08.756Z

Ok I undestand, thanks a lot. Could you give my a real world usage of bindIp in order to understand it?

steevej · 2023-01-02T15:47:00.555Z

There are examples in the links I provided.

If you are planning to run your own server I strongly recommend you take M103 from https://learn.mongodb.com/. Otherwise Atlas might be a better choice.

Stennie_X · 2023-01-03T05:02:26.952Z

benoit_pont:

Could you give my a real world usage of bindIp in order to understand it?

Hi @benoit_pont,

By default the mongod process only binds to the localhost (127.0.0.1) loopback IP address which limits connections to those originating from the same host. The net.bindIP configuration value enables the process to bind to one or more local network interfaces.

Your real world use case is adding the 19.0.18.100 address to allow non-localhost connections.

benoit_pont:

Should I bind: 127.0.0.1, 19.0.18.100 and 19.0.18.101 ?

You cannot bind to the external 19.0.18.101 IP address; this will result in a startup error for mongod similar to:

Failed to set up listener: SocketException: Can’t assign requested address

The only valid bind IPs are addresses for local network interfaces. For example:

$ ifconfig | grep "inet "
	inet 127.0.0.1 netmask 0xff000000
	inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255

benoit_pont:

Could you explain me why autorizing the mongoDB server IP (19.0.18.100) will autorize an external connection for a client (19.0.18.101)?

Listening to 19.0.18.100 allows any client with an open route to this IP address and port combination to connect.

As @steevej noted, you need to configure a firewall to restrict remote access based on client IPs.

I strongly recommend configuring (and testing) role-based access control and network encryption before opening your deployment to broader network exposure. For more information on available security measures, please review the MongoDB Security Checklist.

Regards,
Stennie

benoit_pont · 2023-01-18T19:54:53.343Z

Hello,

Thanks a lot. I really appreciate your precise reply.

Have a nice day

system · 2023-01-23T19:55:48.078Z

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.