Port 27017 closed for security reasons

Basically, I am using a hosting service called ventraIP to host my nodejs application. The application works just fine on my local machine, but when I try to host it on the servers it throws the following error:

    returncode: 0
stdout:
> aussies-backend@1.0.0 start /home/webnappc/aussiesbackend0
> node app.js

MongooseServerSelectionError: Could not connect to any servers in your MongoDB Atlas cluster. One common reason is that you're trying to access the database from an IP that isn't whitelisted. Make sure your current IP address is on your Atlas cluster's IP whitelist: https://docs.atlas.mongodb.com/security-whitelist/
    at NativeConnection.Connection.openUri (/home/webnappc/nodevenv/aussiesbackend0/12/lib/node_modules/mongoose/lib/connection.js:832:32)
    at /home/webnappc/nodevenv/aussiesbackend0/12/lib/node_modules/mongoose/lib/index.js:345:10
    at /home/webnappc/nodevenv/aussiesbackend0/12/lib/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:5
    at new Promise (<anonymous>)
    at promiseOrCallback (/home/webnappc/nodevenv/aussiesbackend0/12/lib/node_modules/mongoose/lib/helpers/promiseOrCallback.js:30:10)
    at Mongoose._promiseOrCallback (/home/webnappc/nodevenv/aussiesbackend0/12/lib/node_modules/mongoose/lib/index.js:1135:10)
    at Mongoose.connect (/home/webnappc/nodevenv/aussiesbackend0/12/lib/node_modules/mongoose/lib/index.js:344:20)
    at Object.<anonymous> (/home/webnappc/aussiesbackend0/app.js:74:5)
    at Module._compile (internal/modules/cjs/loader.js:1015:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
    at Module.load (internal/modules/cjs/loader.js:879:32)
    at Function.Module._load (internal/modules/cjs/loader.js:724:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
    at internal/main/run_main_module.js:17:47 {
  reason: TopologyDescription {
    type: 'ReplicaSetNoPrimary',
    setName: null,
    maxSetVersion: null,
    maxElectionId: null,
    servers: Map {
      'cluster0-shard-00-02.gycrz.mongodb.net:27017' => [ServerDescription],
      'cluster0-shard-00-00.gycrz.mongodb.net:27017' => [ServerDescription],
      'cluster0-shard-00-01.gycrz.mongodb.net:27017' => [ServerDescription]
    },
    stale: false,
    compatible: true,
    compatibilityError: null,
    logicalSessionTimeoutMinutes: null,
    heartbeatFrequencyMS: 10000,
    localThresholdMS: 15,
    commonWireVersion: null
  }
}
stderr:
npm WARN lifecycle The node binary used for scripts is /home/webnappc/nodevenv/aussiesbackend0/12/bin/node but npm is using /opt/alt/alt-nodejs12/root/usr/bin/node itself. Use the `--scripts-prepend-node-path` option to include the path for the node binary npm was executed with.

I have whitelisted all the IPs in my mongodb cluster’s network access tab (it is 0.0.0.0/0) so this is not an issue for sure.
When I open the terminal in my hosted server’s cPanel and type:
curl portquiz.net:27017
I am getting this:

[webnappc@s312 ~]$ curl portquiz.net:27017
curl: (7) Failed connect to portquiz.net:27017; Connection refused
[webnappc@s312 ~]$

I contacted the technical support team to open this specific port and they replied with this:

Unfortunately, we cannot open ports. However, we can whitelist your specific IP address for either inbound or outbound.

Let us know what specific IP address you would like for either inbound or outbound.

Then I asked them to whitelist the IP addresses mentioned in these articles:

https://docs.atlas.mongodb.com/setup-cluster-security#required-outbound-access
https://docs.atlas.mongodb.com/setup-cluster-security#required-inbound-access

They said they have whitelisted the IPs but still I am facing the same issue.

You’re probably only running MongoDB on the internal interface.

See in mongod.conf:

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.

The list you have for outbound access is for the Atlas Control Plane.

If your network allows outbound HTTP requests only to specific IP addresses, you must allow access to the following IP addresses so that your API requests can reach the Atlas control plane:

That is the API you can use to manage your cluster(s), not your Atlas cluster.

You will have to look up the IPs of your Atlas nodes yourself.
https://docs.atlas.mongodb.com/reference/faq/networking#networking

An example of how to look up your cluster nodes you can see in this response:

Thanks, but I found out that the node’s IP address may change when something changes on the server, so this way I have to ask my hosting providers to outbound IP again and again. And one more thing: do I need to whitelist IPs for outbound only, or is inbound whitelisting also required?

Sorry, where can I find the mongod.conf file? Actually, I am trying to host my app on the server, which needs to be connected to the mongodb database. My hosting providers do not have any technical support for mongodb, and I don’t think I would be able to find any mongod.conf file anywhere.

The mongod.conf file is on the machine hosting MongoDB.
On a Linux system it’s typically /etc/mongod.conf

Welcome to the cloud and SaaS. As per the link the circumstances where the IP addresses change are limited.

You are connecting to atlas as a client, that is an outbound connection. The server will not be initiating a connection to your client/server.

I have outbound my node IPs and it is responding from the terminal of the server like I am getting the following response:

Actually, I am unable to post the response here; it contains links and it says new users can include only two links.

But when I try to connect, it gives the same error as in the post.

I checked my network access again and it says: 0.0.0.0/0

By the way, the node names look like this:
cluster0-shard-00-00.gycrz.mongodb.net:27017

And these are the IPs:
34.225.108.213
23.23.72.188
54.243.51.170

I found the IPs of the clusters by doing:
ping cluster0-shard-00-00.gycrz.mongodb.net:27017

Complete the intro (you should have a DM from leafy-bot) and you can post.

Can you connect with mongo "mongodb+srv://cluster0.gycrz.mongodb.net" ? (requires the mongo cli)

Hi @Tayyab_Ferozi,

Your original error suggests outbound access to port 27017 is blocked by your hosting provider or instance firewall. Since that is a more straightforward issue to troubleshoot via portquiz.net, I would use it as a test case to resolve with your provider before trying to get your database connection working.

Once you have confirmed that outbound connections are not blocked, I would then test with the mongo shell and make sure you are able to login before trying to debug connectivity from your application code.

If you have temporarily opened up your Atlas IP Access List to allow any host to connect (that isn’t recommended for long term configuration), any remaining connection issues should be local to your environment (network/firewall configuration, or perhaps the driver/application version you are trying to connect with).

A possible interpretation is that they are asking for the IP of the ventraIP instance you want to whitelist for outbound connections. I would ask them how to get your curl example working.

I think it would be unusual for hosts to aggressively block outbound connections without providing an interface for you to self-manage common firewall rules. Does your hosting include cPanel or a similar management interface?

That is correct (and expected behaviour). For the most robust access, you should rely on cluster names rather than IPs.

As noted by @chris, connections to Atlas are only outbound from your deployment.

Regards,
Stennie

They said they will configure the firewall for cluster IPs rather than names. Anyway, my issue is successfully solved, but I am still relying on the IPs as I am bound to do so, and I have to contact them again in case the IPs of my node change.
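
As an added example (not code from any poster in this thread): a Node.js check that expands the cluster's `mongodb+srv` name into its current node IPs, probes outbound TCP to each node, and reports which IPs differ from the list the hosting provider has allowed. The function names and the `ATLAS_SRV_HOST` / `ALLOWED_IPS` environment variables are assumptions made for this example.

```javascript
// Added example: helper names and env variable names are hypothetical.

// Expand a mongodb+srv host the way drivers do: SRV lookup, then A records.
async function resolveAtlasNodes(srvHost, resolver) {
  const srv = await resolver.resolveSrv(`_mongodb._tcp.${srvHost}`);
  const nodes = [];
  for (const { name, port } of srv) {
    nodes.push({ name, port, ips: await resolver.resolve4(name) });
  }
  return nodes;
}

// Compare current node IPs with the IPs the hosting provider has allowed.
function diffAllowlist(nodes, allowedIps) {
  const allowed = new Set(allowedIps);
  const current = new Set(nodes.flatMap((n) => n.ips));
  return {
    missing: [...current].filter((ip) => !allowed.has(ip)).sort(), // ask provider to add
    stale: [...allowed].filter((ip) => !current.has(ip)).sort(), // no longer a node IP
  };
}

// Outbound TCP probe: resolves to 'open', 'timeout', or an error code (e.g. ECONNREFUSED).
function probeTcp(net, host, port, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const sock = net.connect({ host, port });
    sock.setTimeout(timeoutMs);
    sock.once('connect', () => { sock.destroy(); resolve('open'); });
    sock.once('timeout', () => { sock.destroy(); resolve('timeout'); });
    sock.once('error', (err) => resolve(err.code || 'error'));
  });
}

async function checkCluster(srvHost, allowedIps) {
  const { promises: resolver } = await import('dns');
  const net = await import('net');
  const nodes = await resolveAtlasNodes(srvHost, resolver);
  for (const n of nodes) {
    console.log(n.name, n.ips.join(','), await probeTcp(net, n.name, n.port));
  }
  const drift = diffAllowlist(nodes, allowedIps);
  console.log('not yet allowed:', drift.missing, 'no longer in use:', drift.stale);
  return drift;
}

// Runs only when ATLAS_SRV_HOST is set; ALLOWED_IPS is a comma-separated list.
if (process.env.ATLAS_SRV_HOST) {
  const allowed = (process.env.ALLOWED_IPS || '').split(',').filter(Boolean);
  checkCluster(process.env.ATLAS_SRV_HOST, allowed)
    .catch((e) => { console.error(e.message); process.exitCode = 1; });
}
```

Run from the hosting account's terminal on a schedule, a non-empty "not yet allowed" list signals that the provider's outbound rules need updating before the application starts failing with `MongooseServerSelectionError`.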