MongoDB's (outgoing) ports


John-Kim Murphy

Dec 13, 2011, 11:35:06 PM
to mongod...@googlegroups.com
Hello, I need to pin down MongoDB's ports in order to configure our firewall.

MongoDB's inbound ports are documented and simple enough.

However, outbound ports seem to be a different story. I couldn't find any documentation about MongoDB outgoing ports.
Using the HTTP admin interface and netstat, it seems MongoDB likes to open a lot of ports. Here's a short sampling:

...
...

Questions:
1. These are all outbound ports, right? Since they connect to other mongod/mongos instances they must be inbound ports on those machines? 
2. Which ports, both inbound and outbound, does MongoDB need to use? Is there a certain port range we can use for an inbound/outbound firewall rule?
3. Are these ports configurable?
4. Why so many ports compared to Oracle/MySQL?

Thanks,

John

Eliot Horowitz

Dec 14, 2011, 12:24:56 AM
to mongod...@googlegroups.com
Those aren't ports mongo opens per se, those are just the client side
of an outgoing tcp connection.

If you have a replica set with 2 nodes on port 27017, you only need to
open port 27017.

John-Kim Murphy

Dec 14, 2011, 11:56:43 PM
to mongod...@googlegroups.com
The firewall rules are pretty stringent here, so any ports in any direction must be accounted for :(

Both the MongoDB servers and clients will be behind their own firewalls, so if a port (ingoing or outgoing) isn't explicitly opened it will be blocked.
Can a MongoDB sharded replica set function with only port 27017? (and the other default ports like 27018 and 27019)

John

Mathias Stearn

Dec 15, 2011, 6:03:30 PM
to mongod...@googlegroups.com
Those are ephemeral ports so we don't pick them explicitly as they are assigned by the OS. Can you make the firewall accept any connection where the destination port is 27017/8/9, regardless of whether the source is internal or external to the machine?

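The point made in the replies above, as an added example that is not part of the original thread: this script reads `netstat -tn`-style lines, ignores the OS-assigned ephemeral side of each connection, and reduces the listing to rules keyed on the service port only. The sample lines, addresses and rule wording are constructed for illustration, and the rules assume a stateful firewall that permits return traffic for established connections.

```python
import re

MONGO_PORTS = {27017, 27018, 27019}  # default ports named in the thread

# Constructed sample in `netstat -tn` layout (addresses are illustrative only).
SAMPLE = """\
tcp   0   0 10.0.0.5:27017   10.0.0.9:51734   ESTABLISHED
tcp   0   0 10.0.0.5:48211   10.0.0.6:27017   ESTABLISHED
tcp   0   0 10.0.0.5:48212   10.0.0.7:27018   ESTABLISHED
tcp   0   0 10.0.0.5:48213   10.0.0.8:27019   ESTABLISHED
tcp   0   0 10.0.0.5:22      10.0.0.50:60022  ESTABLISHED
"""

# proto, recv-q, send-q, local addr:port, foreign addr:port
LINE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)")

def classify(netstat_text, service_ports=MONGO_PORTS):
    """Return (direction, peer_ip, service_port) for each MongoDB connection."""
    conns = []
    for line in netstat_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # headers, LISTEN rows with '*' ports, non-TCP lines
        _local_ip, lport, peer_ip, rport = m.groups()
        lport, rport = int(lport), int(rport)
        if lport in service_ports:
            # We are the server; the peer's port is its ephemeral source port.
            conns.append(("inbound", peer_ip, lport))
        elif rport in service_ports:
            # We are the client; our local port is the ephemeral one.
            conns.append(("outbound", peer_ip, rport))
    return conns

def required_rules(conns):
    """Collapse connections into rules that match on the service port only."""
    rules = set()
    for direction, peer, port in conns:
        if direction == "inbound":
            rules.add(f"allow in from {peer} to local port {port}")
        else:
            rules.add(f"allow out to {peer} port {port}")
    return sorted(rules)

if __name__ == "__main__":
    for rule in required_rules(classify(SAMPLE)):
        print(rule)
```
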