Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to open firewall port for external traffic.
Top Forums Shell Programming and Scripting Unable to open firewall port for external traffic. Post 303027418 by Neo on Saturday 15th of December 2018 07:43:25 AM
Old 12-15-2018
You changed from the default ports, right?

The following table lists the default TCP ports used by MongoDB:

Code:
Default Port	Description
27017	The default port for mongod and mongos instances. You can change this port with port or --port.
27018	The default port for mongod when running with --shardsvr command-line option or the shardsvr value for the clusterRole setting in a configuration file.
27019	The default port for mongod when running with --configsvr command-line option or the configsvr value for the clusterRole setting in a configuration file.

Anyway, if you are running a DB on this port, normally sys admins only bind the DB to localhost or 127.0.0.1 for security reasons.

Do something like netstat -an | grep 27012 and post the output. Thanks.
 

10 More Discussions You Might Find Interesting

1. Solaris

How to open SSH port on firewall?

Hi, So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years. We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Discussion started by: pjewett
3 Replies

2. Linux

using firewall to block port

Hi, I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
Discussion started by: shantanuo
8 Replies

3. Solaris

Unable to open 3966 port in solaris

Unable to open 3966 port for buildforge in Solaris 10, anyone pls help me how to open the 3966 port in solaris. Thanks in Advance (1 Reply)
Discussion started by: durgaprasadr13
1 Replies

4. IP Networking

blocking traffic to destination network by port

I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0 Shouldn't this work?: iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
Discussion started by: herot
3 Replies

5. IP Networking

Tcp ip port open but no such process (merged: Release A Port)

i want to kill a tcp connection by killing its pid with netstat -an i got the tcp ip connection on port 5914 but when i type ps -a or ps-e there is not such process running on port 5914 is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies

6. UNIX for Advanced & Expert Users

Linux bridged firewall - monitor traffic & block IP

Hi All, I successfully configured a DEBIAN Lenny bridged firewall using ebtables. The bridged interface is br0. The ethernet interface are eth0 & eth1 respectively. All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers. Can... (1 Reply)
Discussion started by: coolatt
1 Replies

7. UNIX for Dummies Questions & Answers

Rsync port and firewall

hi guys I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem and customer will be using rsync to sync backups among other things I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Discussion started by: karlochacon
1 Replies

8. Red Hat

Unable to Open port 8080

Hi Experts, I am receiving below error while trying to connect port 8080. Could not open connection to the host, on port 8080 : connection refused. iptables configuration /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of... (1 Reply)
Discussion started by: sai_2507
1 Replies

9. Infrastructure Monitoring

How do I know what traffic is in network port?

If I would like to know what connection , data , traffic in a network port ( eth0 ) , what can I do ? ps. because I always found the network is very slow , so I would like what the network port is doing . Thanks Login ID ust3 is currently in read-only mode for multiple infractions. Creating... (0 Replies)
Discussion started by: ust03
0 Replies

10. AIX

How to re-route traffic from one port to another?

Hi Friends, How to do port forwarding in AIX? We would like to re route traffic from port A to port B on AIX LPAR. for example: my application is using 8080 port on LPAR and would like to use the 8081 instead of 8080. By default application was configured with 8080. But instead of changing... (2 Replies)
Discussion started by: System Admin 77
2 Replies

LEARN ABOUT CENTOS

mongod_selinux

mongod_selinux(8)					       SELinux Policy mongod						 mongod_selinux(8)

NAME

       mongod_selinux - Security Enhanced Linux Policy for the mongod processes

DESCRIPTION

       Security-Enhanced Linux secures the mongod processes via flexible mandatory access control.

       The  mongod processes execute with the mongod_t SELinux type. You can check if you have these processes running by executing the ps command
       with the -Z qualifier.

       For example:

       ps -eZ | grep mongod_t

ENTRYPOINTS

       The mongod_t SELinux type can be entered via the mongod_exec_t file type.

       The default entrypoint paths for the mongod_t domain are the following:

       /usr/bin/mongod, /usr/share/aeolus-conductor/dbomatic/dbomatic

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux mongod policy is very flexible allowing users to  setup  their  mongod
       processes in as secure a method as possible.

       The following process types are defined for mongod:

       mongod_t

       Note:  semanage permissive -a mongod_t can be used to make the process type mongod_t permissive. SELinux does not deny access to permissive
       process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  mongod policy is extremely flexible and has several booleans that allow you
       to manipulate the policy and run mongod with the tightest access possible.

       If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean. Disabled by default.

       setsebool -P daemons_dump_core 1

       If you want to enable cluster mode for daemons, you must turn on the daemons_enable_cluster_mode boolean. Enabled by default.

       setsebool -P daemons_enable_cluster_mode 1

       If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean. Disabled by default.

       setsebool -P daemons_use_tcp_wrapper 1

       If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default.

       setsebool -P daemons_use_tty 1

       If  you	want  to  deny	any  process  from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on  the	domain_kernel_load_modules  boolean.  Disabled	by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Disabled by default.

       setsebool -P nscd_use_shm 1

PORT TYPES

       SELinux defines port types to represent TCP and UDP ports.

       You can see the types associated with a port by using the following command:

       semanage port -l

       Policy  governs	the  access  confined processes have to these ports.  SELinux mongod policy is very flexible allowing users to setup their
       mongod processes in as secure a method as possible.

       The following port types are defined for mongod:

       mongod_port_t

       Default Defined Ports:
		 tcp 27017-27019,28017-28019

MANAGED FILES

       The SELinux process type mongod_t can manage files labeled with the following file types.  The paths listed are the default paths for these
       file types.  Note the processes UID still need to have DAC permissions.

       cluster_conf_t

	    /etc/cluster(/.*)?

       cluster_var_lib_t

	    /var/lib/pcsd(/.*)?
	    /var/lib/cluster(/.*)?
	    /var/lib/openais(/.*)?
	    /var/lib/pengine(/.*)?
	    /var/lib/corosync(/.*)?
	    /usr/lib/heartbeat(/.*)?
	    /var/lib/heartbeat(/.*)?
	    /var/lib/pacemaker(/.*)?

       cluster_var_run_t

	    /var/run/crm(/.*)?
	    /var/run/cman_.*
	    /var/run/rsctmp(/.*)?
	    /var/run/aisexec.*
	    /var/run/heartbeat(/.*)?
	    /var/run/cpglockd.pid
	    /var/run/corosync.pid
	    /var/run/rgmanager.pid
	    /var/run/cluster/rgmanager.sk

       mongod_log_t

	    /var/log/mongo.*
	    /var/log/aeolus-conductor/dbomatic.log.*

       mongod_tmp_t

       mongod_var_lib_t

	    /var/lib/mongo.*

       mongod_var_run_t

	    /var/run/mongo.*
	    /var/run/aeolus/dbomatic.pid

       root_t

	    /
	    /initrd

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy  governs	the  access  confined processes have to these files.  SELinux mongod policy is very flexible allowing users to setup their
       mongod processes in as secure a method as possible.

       STANDARD FILE CONTEXT

       SELinux defines the file context types for the mongod, if you wanted to store files with these types in a diffent paths, you need  to  exe-
       cute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t mongod_exec_t '/srv/mongod/content(/.*)?'
       restorecon -R -v /srv/mymongod_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for mongod:

       mongod_exec_t

       - Set files with the mongod_exec_t type, if you want to transition an executable to the mongod_t domain.

       Paths:
	    /usr/bin/mongod, /usr/share/aeolus-conductor/dbomatic/dbomatic

       mongod_initrc_exec_t

       - Set files with the mongod_initrc_exec_t type, if you want to transition an executable to the mongod_initrc_t domain.

       mongod_log_t

       - Set files with the mongod_log_t type, if you want to treat the data as mongod log data, usually stored under the /var/log directory.

       Paths:
	    /var/log/mongo.*, /var/log/aeolus-conductor/dbomatic.log.*

       mongod_tmp_t

       - Set files with the mongod_tmp_t type, if you want to store mongod temporary files in the /tmp directories.

       mongod_var_lib_t

       - Set files with the mongod_var_lib_t type, if you want to store the mongod files under the /var/lib directory.

       mongod_var_run_t

       - Set files with the mongod_var_run_t type, if you want to store the mongod files under the /run or /var/run directory.

       Paths:
	    /var/run/mongo.*, /var/run/aeolus/dbomatic.pid

       Note:  File context can be temporarily modified with the chcon command.	If you want to permanently change the file context you need to use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage port can also be used to manipulate the port definitions

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), mongod(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

mongod								     14-06-10							 mongod_selinux(8)
All times are GMT -4. The time now is 05:57 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy