Environment
CentOS 6.x + MongoDB 4.2
MongoDB server IP: 192.168.101.235
(only one IP)
MongoDB configuration for bind_ip
Understanding bind_ip
bind_ip binds the MongoDB instance to the given IP address, meaning the instance provides its service on that IP.
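# Serve on the local loopback address. The loopback address is reachable only from the local machine,
# so only a mongo client running on this machine can connect
bind_ip=127.0.0.1
# The MongoDB instance serves on the IP 192.168.101.235
# Any mongo client that can reach 192.168.101.235:27017 can connect
bind_ip=192.168.101.235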
Understanding bind_ip=0.0.0.0
If the MongoDB server has only one IP, 192.168.101.235, then bind_ip=0.0.0.0 and bind_ip=192.168.101.235 have the same effect.
If the MongoDB server has multiple IPs, for example 192.168.101.235 and 192.168.11.22, then bind_ip=0.0.0.0 and bind_ip=127.0.0.1,192.168.101.235,192.168.11.22 have the same effect.
Understanding bind_ip_all
bind_ip_all and bind_ip are mutually exclusive; configure only one of them.
bind_ip_all usage:
# bind_ip_all is in effect equivalent to: bind_ip=0.0.0.0
bind_ip_all=true
# or
bind_ip_all=on
Note: the bind_ip value does not restrict which client IPs can access the server. To restrict access by client IP, use the server's built-in firewall.
Requirement
Allow only certain IPs to access our MongoDB server. For example: nothing other than 127.0.0.1 and 192.168.101.231 may access it.
Approach
Use MongoDB's bind_ip option together with the built-in CentOS firewall.
The MongoDB instance provides its service on 127.0.0.1 and 192.168.101.235.
Steps
- Configure bind_ip for the MongoDB instance
bind_ip=127.0.0.1,192.168.101.235
# or
bind_ip=0.0.0.0
# or
bind_ip_all=true
- Restart the MongoDB server
- Configure the firewall
Add the following content to the firewall configuration (for firewalls on other systems, configure them yourself):
# Block all IPs from accessing port 27017
-I INPUT -p tcp --dport 27017 -j DROP
# Allow 192.168.101.231 to access port 27017
-I INPUT -s 192.168.101.231 -p tcp --dport 27017 -j ACCEPT
# Allow 127.0.0.1 to access port 27017
-I INPUT -s 127.0.0.1 -p tcp --dport 27017 -j ACCEPT
The final step is the most important one.
Restart the firewall after modifying it.
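The three firewall rules in the last step work only because -I inserts each rule at the head of the chain, so the DROP written first ends up last. The following added example (not part of the original post) is a simplified Python model of iptables first-match evaluation that checks this ordering. The function names, the 192.168.101.50 client and the default ACCEPT policy are assumptions made for illustration.

```python
import ipaddress

# The three rules from the firewall step, in the order they are written.
PAGE_RULES = [
    "-I INPUT -p tcp --dport 27017 -j DROP",
    "-I INPUT -s 192.168.101.231 -p tcp --dport 27017 -j ACCEPT",
    "-I INPUT -s 127.0.0.1 -p tcp --dport 27017 -j ACCEPT",
]

def parse_rule(line):
    """Parse the small subset of iptables syntax used above (hypothetical helper)."""
    tok = line.split()
    opts = dict(zip(tok[2::2], tok[3::2]))  # option/value pairs after the chain name
    src = ipaddress.ip_network(opts["-s"], strict=False) if "-s" in opts else None
    dport = int(opts["--dport"]) if "--dport" in opts else None
    return {"op": tok[0], "src": src, "dport": dport, "target": opts["-j"]}

def build_chain(lines):
    """-I inserts at the head of the chain, -A appends at the tail."""
    chain = []
    for rule in map(parse_rule, lines):
        if rule["op"] == "-I":
            chain.insert(0, rule)
        else:
            chain.append(rule)
    return chain

def verdict(chain, src_ip, dport, policy="ACCEPT"):
    """The first matching rule decides; otherwise the chain policy (assumed ACCEPT) applies."""
    src = ipaddress.ip_address(src_ip)
    for rule in chain:
        if rule["src"] is not None and src not in rule["src"]:
            continue
        if rule["dport"] is not None and dport != rule["dport"]:
            continue
        return rule["target"]
    return policy

if __name__ == "__main__":
    chain = build_chain(PAGE_RULES)
    # 192.168.101.50 is a constructed sample client that is not on the allow list.
    for ip in ("127.0.0.1", "192.168.101.231", "192.168.101.50"):
        print(ip, "->", verdict(chain, ip, 27017))
    # Same rules written with -A: DROP stays first and blocks the allowed hosts too.
    appended = build_chain([l.replace("-I", "-A", 1) for l in PAGE_RULES])
    print("with -A:", verdict(appended, "192.168.101.231", 27017))
```

On the real server, `iptables -L INPUT -n --line-numbers` shows the resulting order, which should list both ACCEPT rules above the DROP.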