First, netstat -nltp output displays:
tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 1235/mongod
So it seems that MongoDB is running on port 27017 and accepts connections from all IPs.
Just to make sure MongoDB is up and running, I issued the mongo command to make sure I can see MongoDB:
mongo --port 27017 -u "MyUser" --authenticationDatabase "admin" -p 'MyPassword'
MongoDB shell version v4.2.8
connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("00000000-d8c3-422a-9446-38eb624dd88f") }
MongoDB server version: 4.2.8
Now I tried the tcptraceroute command to make sure nothing in between closes my connection:
$ sudo tcptraceroute My-Server-IP-Address 27017
Password:
Selected device en0, address 192.168.1.55, port 54871 for outgoing packets
Tracing the path to My-IP-Address on TCP port 27017, 30 hops max
1 192.168.1.1 8.847 ms 3.853 ms 0.994 ms
2 * * *
3 10.101.96.93 26.486 ms 24.977 ms 27.186 ms
4 10.101.105.14 41.399 ms 30.886 ms 16.155 ms
5 * * *
6 10.101.97.57 24.635 ms 29.538 ms 17.545 ms
7 10.101.117.25 39.587 ms 47.088 ms 62.840 ms
8 * * *
9 10.21.251.106 29.101 ms 29.739 ms 34.785 ms
10 10.21.21.22 35.107 ms 19.941 ms 20.011 ms
11 10.21.211.20 49.572 ms 33.257 ms 34.870 ms
12 * * *
13 * * *
14 ex9k1.dc5.fsn1.A-DOMAIN.com (AN-IP-ADDRESS) 93.807 ms 108.962 ms 115.046 ms
15 static.ANOTHER-IP.clients.your-server.it (IP-ADDRESS-IT) 99.938 ms 102.719 ms 109.238 ms
16 static.MY.IP.ADDRESS.clients.your-server.de (MY.IP.ADDRESS) [closed] 173.753 ms 112.972 ms 102.902 ms
On the last hop I see the [closed] flag.
To list all server firewall rules:
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.18.0.3 tcp dpt:80
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (0 references)
target prot opt source destination
Chain ufw-after-input (0 references)
target prot opt source destination
Chain ufw-after-logging-forward (0 references)
target prot opt source destination
Chain ufw-after-logging-input (0 references)
target prot opt source destination
Chain ufw-after-logging-output (0 references)
target prot opt source destination
Chain ufw-after-output (0 references)
target prot opt source destination
Chain ufw-before-forward (0 references)
target prot opt source destination
Chain ufw-before-input (0 references)
target prot opt source destination
Chain ufw-before-logging-forward (0 references)
target prot opt source destination
Chain ufw-before-logging-input (0 references)
target prot opt source destination
Chain ufw-before-logging-output (0 references)
target prot opt source destination
Chain ufw-before-output (0 references)
target prot opt source destination
Chain ufw-reject-forward (0 references)
target prot opt source destination
Chain ufw-reject-input (0 references)
target prot opt source destination
Chain ufw-reject-output (0 references)
target prot opt source destination
Chain ufw-track-forward (0 references)
target prot opt source destination
Chain ufw-track-input (0 references)
target prot opt source destination
Chain ufw-track-output (0 references)
target prot opt source destination
And lastly, my telnet output:
$ telnet MY-IP 27017
Trying MY-IP...
telnet: connect to address MY-IP: Connection refused
telnet: Unable to connect to remote host
What have I done wrong? What should I do to connect to MongoDB from outside?
EDIT:
By changing the port from 27017 to 27018, I could connect to MongoDB and everything works fine. But I'm still curious why I cannot use port 27017 and what I have done wrong in the iptables configuration.
NOTE: the ufw firewall is disabled.
Does "from outside" refer to general web, as in behind your router/firewall?
This sounds as if your firewall/router is blocking it. I am not referring to the OS firewall, but your physical firewall.
You should check whether you have policies set up to allow outside connections, as well as configuring NAT (port forwarding) on your router.
One possibility is that your ISP is blocking that port. Many use transparent proxies and other stuff.
Another is that you're using antivirus software on your client computer that does the same.
Or your router has activated dynamic ports or NAT, interfering.
Another possibility is that another process is listening on that port:
This will tell you which process is listening on which port. I saw your output for only one line, but it could happen that you have another process listening on that port with IP x.x.x.x and mongo listening on that port with 0.0.0.0, which will not do for x.x.x.x.
You can use also:
If Mongo is listening on the right port, then run tcpdump to know if your connection gets there.
Where $YOURIP is the IP of the client machine, i.e. your workstation.
You run tcpdump and then attempt a connection. If you don't see anything, something is blocking the connection.
Knowing whether Mongo is listening on the right port and whether the packets are arriving is the first thing I would try.
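The checks suggested above (which process owns the port, whether its bound address actually covers the server's public IP, and which iptables rules mention that port) can be scripted so they run the same way every time. This is an added example, not code from either answer or from the question; it parses the text produced by netstat -nltp and iptables -S, so it can also be fed saved or constructed output, and the live check assumes either nc or a bash with /dev/tcp is installed on the client.

```shell
#!/bin/sh
# Added diagnostic helpers (not from the original post). They read the text
# that `netstat -nltp` and `iptables -S` print, so they work on live output
# piped in or on output saved from another machine.

# Print "bound-address process" for every TCP listener on the given port.
# Works for IPv4 (0.0.0.0:27017) and IPv6 (:::27017) address forms.
listeners_on_port() {
  port="$1"
  awk -v p="$port" '
    ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
      n = split($4, a, ":")          # last field after ":" is the port
      if (a[n] == p) print $4, $NF   # $NF is the PID/program column
    }'
}

# Succeed if a listener bound to $1 (addr:port) accepts connections that are
# addressed to IP $2. Wildcard binds (0.0.0.0 or ::) accept any address; a
# bind to a specific address only answers for that address.
bind_covers_ip() {
  bound="${1%:*}"   # strip the trailing ":port"
  target="$2"
  case "$bound" in
    0.0.0.0|::) return 0 ;;
    *) [ "$bound" = "$target" ] ;;
  esac
}

# Print every rule from `iptables -S` output that names the given destination
# port, so the ACCEPT/DROP/REJECT decision for it can be read off directly.
rules_for_dport() {
  port="$1"
  grep -E -- "--dport ${port}( |$)"
}

# Client-side reachability check with a timeout: exit 0 if a TCP connection to
# host:port completes, non-zero otherwise. Prefers nc, falls back to /dev/tcp.
tcp_port_open() {
  host="$1"; port="$2"
  if command -v nc >/dev/null 2>&1; then
    nc -z -w 3 "$host" "$port" >/dev/null 2>&1
  else
    timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
  fi
}

# Typical use on the server:  netstat -nltp | listeners_on_port 27017
#                             iptables -S   | rules_for_dport 27017
# Typical use on the client:  tcp_port_open MY-IP 27017 && echo open || echo closed
```

Run the first two functions on the server where mongod runs and the third from the workstation, then compare: a listener bound to 127.0.0.1 or a DROP/REJECT rule for the port explains a "Connection refused" at the client.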