Server A builds the MongoDB, in order to be safe, set band_ip=127.0.0.1 in the configuration file/etc/mongod.conf. Recently, to allow other hosts to access the MongoDB of server A, the need to add the IP address of the host that needs to be accessed in the BAND_IP can be realized, and then modified to the following:
band_ip=172.0.0.1,10.20.12.33
Restart the Mongod service with the following error:
Error:listen (): Bind () failed errno:99 cannot assign address for requested
Many of the articles on the internet are said to be able to bind multiple IP, however, does not indicate that BAND_IP can only bind the MongoDB service in the machine's network card IP. To prevent intrusion, the following security strategy is made;
1,band_ip=0.0.0.0
2, add the iptables rule:
#禁止所有ip访问27017端口
Iptables-i input-p tcp–dport 27017-j DROP
#允许10.20.12.33 access to Port 27017
Iptables-i input-s 10.20.12.33-p tcp–dport 27017-j ACCEPT
#允许本机访问27017端口
Iptables-i input-s 127.0.0.1-p tcp–dport 27017-j ACCEPT