I'm running a replica set on 3 Windows Server 2012 R2 servers in my VPN. The servers' IPs are: 192.168.1.1, 192.168.1.2, 192.168.1.3.

MongoDB version: 3.4.2

I want to limit the access to the MongoDB servers only to the servers that are part of the replica set, so on each server I'm running MongoDB with this bind_ip configuration (let's say we are on the 192.168.1.1 server):

net:
    bindIp: [127.0.0.1,192.168.1.2,192.168.1.3]

I can connect to my replica and everything is working as expected.

Today, I upgraded my server to MongoDB version 3.4.10. I have two main issues:

  1. bindIp accepts only a CSV string and not an array, so I changed the configuration to 127.0.0.1,192.168.1.2,192.168.1.3 (breaking change).
  2. My MongoDB server is not willing to start, with the following error:

     [initandlisten] listen(): bind() failed The requested address is not valid in its context. for socket: 192.168.1.3:27018

The only way to get my replica set back up and running is to change the bind_ip to 0.0.0.0 on all of my servers, which is a security problem.

So, my question is: on version 3.4.10, how do I configure MongoDB (and the replica set) so that access is available only from the participating servers? Is there a bug here?

Shkolar

1 Answer

The net.bindIp configuration value only determines which IP addresses your MongoDB server is listening to. It does not control access from remote IPs -- that is the role of a firewall. You will need to configure the firewall on your servers to allow communication between all members of your replica set as well as your client applications.

For a starting point on Windows, see: Configure Windows netsh Firewall for MongoDB.

(Let's say we are on 192.168.1.1 server):

net:
    bindIp: [127.0.0.1,192.168.1.2,192.168.1.3]

Given your description, the correct bindIp value to use for this server to listen to both localhost and the private IP of 192.168.1.1 would be 127.0.0.1,192.168.1.1. You cannot bind to IP addresses which are not associated with network interfaces on the local server, which is why you get the error The requested address is not valid in its context when trying to include remote IPs.

For more information on securing your deployment, see MongoDB Security Checklist.

Stennie
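A preflight check for the point made in the answer above, as an added example that is not part of the original answer or of MongoDB's code: it tests each `net.bindIp` entry by trying to bind a socket to it, then derives the value this host should use and the peer list to allow in the host firewall. The function names are hypothetical; the member addresses are the ones from the question.

```python
import socket

# Replica set members as listed in the question.
REPLICA_MEMBERS = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]


def is_local_address(ip):
    """True if this host can bind a TCP socket to ip (port 0 = any free port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))
            return True
        except OSError:
            # Raised, for example, when the address is not assigned to any
            # local interface: the same condition mongod reports at startup.
            return False


def check_bind_ip(bind_ip_csv, local_check=is_local_address):
    """Split a net.bindIp CSV string into (bindable, rejected) entries."""
    entries = [e.strip() for e in bind_ip_csv.split(",") if e.strip()]
    bindable = [e for e in entries if local_check(e)]
    rejected = [e for e in entries if e not in bindable]
    return bindable, rejected


def plan_for_host(members, local_check=is_local_address):
    """Return (bindIp value for this host, peers to allow in the firewall)."""
    local = [m for m in members if local_check(m)]
    peers = [m for m in members if m not in local]
    return ",".join(["127.0.0.1"] + local), peers


if __name__ == "__main__":
    # Run on a replica set member before starting mongod.
    _, rejected = check_bind_ip("127.0.0.1,192.168.1.2,192.168.1.3")
    for ip in rejected:
        print("not a local address, mongod cannot listen on it:", ip)
    bind_ip, peers = plan_for_host(REPLICA_MEMBERS)
    print("net.bindIp:", bind_ip)
    print("allow inbound to the mongod port only from:", ", ".join(peers))
```

The peer list is the input for the firewall rule scope; client application addresses still have to be added to it separately.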