一、背景描述:
我在linux RED7上安装了mongodb,并没有修改mongodb的配置文件。然后通过另外一台电脑用pymongo连接mongodb时,报错:timeout。
ping IP 是成功的。 telnet IP 27017 的时候,提示:27017端口连接不上。
二、解决过程:
各种百度,远程连接mongodb失败,网上资料显示原因有两个:
1、mongodb的配置文件中的bind_ip 默认为127.0.0.1,默认只有本机可以连接。 此时,需要将bind_ip配置为0.0.0.0,表示接受任何IP的连接。
2、防火墙阻止了27017端口。
于是,先修改mongodb配置文件,并重启mongod服务。
各种百度关闭防火墙。
-----------但是试了很久很久,仍然telnet时提示:27017端口连接不上。
使用google,发现如下文章:http://shaurong.blogspot.com/2014/07/centos-70-x64.html
解决了我的问题。重点是由于在RED7中,关闭防火墙的命令改为:systemctl stop firewalld
这样后,便可以真正关闭防火墙功能。远程连接mongodb成功!
上述连接:http://shaurong.blogspot.com/2014/07/centos-70-x64.html 内容如下(需翻 墙才可访问,所以就把原文复制过来了。望原作者莫见怪!):
[研究] CentOS 7.0 x64 的 iptables 與 firewall-cmd 防火牆 [研究] CentOS 7.0 x64 的 iptables 與 firewall-cmd 防火牆 2014-07-25 2014-08-01 修訂 CentOS 7.0 開始,服務的管理使用變成用 systemctl,例如 httpd 的使用可用下面幾種方式 # systemctl status|start|stop|restart|reload httpd OR # service httpd status|start|stop|restart|reload OR # apachectl configtest| graceful service httpd 會自動重導指令到 systemctl 命令,問題不大。 但是防火牆就有問題了,因為架網站時本機測試正常,遠端關了防火牆卻仍連不上,所以做了點研究測試。 [root@localhost ~]# yum -y install httpd [root@localhost ~]# service httpd restart Redirecting to /bin/systemctl restart httpd.service [root@localhost ~]# service httpd status Redirecting to /bin/systemctl status httpd.service httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled) Active: active (running) since Fri 2014-07-25 15:54:58 CST; 21s ago Main PID: 14250 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service ? ? 14250 /usr/sbin/httpd -DFOREGROUND ? ? 14251 /usr/sbin/httpd -DFOREGROUND ? ? 14252 /usr/sbin/httpd -DFOREGROUND ? ? 14253 /usr/sbin/httpd -DFOREGROUND ? ? 14254 /usr/sbin/httpd -DFOREGROUND ? ? 14255 /usr/sbin/httpd -DFOREGROUND Jul 25 15:54:58 localhost.localdomain systemd[1]: Starting The Apache HTTP Se... Jul 25 15:54:58 localhost.localdomain httpd[14250]: AH00558: httpd: Could not... Jul 25 15:54:58 localhost.localdomain systemd[1]: Started The Apache HTTP Ser... Hint: Some lines were ellipsized, use -l to show in full. [root@localhost ~]# ps aux | grep httpd root 14250 0.0 0.2 209484 4804 ? Ss 15:54 0:00 /usr/sbin/http -DFOREGROUND apache 14251 0.0 0.1 211568 2968 ? S 15:54 0:00 /usr/sbin/http -DFOREGROUND apache 14252 0.0 0.1 211568 2968 ? S 15:54 0:00 /usr/sbin/http -DFOREGROUND apache 14253 0.0 0.1 211568 2968 ? S 15:54 0:00 /usr/sbin/http -DFOREGROUND apache 14254 0.0 0.1 211568 2968 ? S 15:54 0:00 /usr/sbin/http -DFOREGROUND apache 14255 0.0 0.1 211568 2968 ? S 15:54 0:00 /usr/sbin/http -DFOREGROUND root 14276 0.0 0.0 112640 980 pts/1 R+ 15:55 0:00 grep --color=auto httpd [root@localhost ~]# [root@localhost ~]# service iptables stop Redirecting to /bin/systemctl stop iptables.service (下圖) 本機上測試正常 (下圖) 遠端去連失敗 檢查防火牆狀態,是 inactive 的 [root@localhost ~]# service iptables -L The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl. [root@localhost ~]# service iptables status Redirecting to /bin/systemctl status iptables.service iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled) Active: inactive (dead) Jul 25 15:56:53 localhost.localdomain systemd[1]: Stopped IPv4 firewall with ... Hint: Some lines were ellipsized, use -l to show in full. 列出防火牆 rules,居然仍有 [root@localhost ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere INPUT_direct all -- anywhere anywhere INPUT_ZONES_SOURCE all -- anywhere anywhere INPUT_ZONES all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere FORWARD_direct all -- anywhere anywhere FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere FORWARD_IN_ZONES all -- anywhere anywhere FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere FORWARD_OUT_ZONES all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination OUTPUT_direct all -- anywhere anywhere Chain FORWARD_IN_ZONES (1 references) target prot opt source destination FWDI_public all -- anywhere anywhere [goto] FWDI_public all -- anywhere anywhere [goto] Chain FORWARD_IN_ZONES_SOURCE (1 references) target prot opt source destination Chain FORWARD_OUT_ZONES (1 references) target prot opt source destination FWDO_public all -- anywhere anywhere [goto] FWDO_public all -- anywhere anywhere [goto] Chain FORWARD_OUT_ZONES_SOURCE (1 references) target prot opt source destination Chain FORWARD_direct (1 references) target prot opt source destination Chain FWDI_public (2 references) target prot opt source destination FWDI_public_log all -- anywhere anywhere FWDI_public_deny all -- anywhere anywhere FWDI_public_allow all -- anywhere anywhere Chain FWDI_public_allow (1 references) target prot opt source destination Chain FWDI_public_deny (1 references) target prot opt source destination Chain FWDI_public_log (1 references) target prot opt source destination Chain FWDO_public (2 references) target prot opt source destination FWDO_public_log all -- anywhere anywhere FWDO_public_deny all -- anywhere anywhere FWDO_public_allow all -- anywhere anywhere Chain FWDO_public_allow (1 references) target prot opt source destination Chain FWDO_public_deny (1 references) target prot opt source destination Chain FWDO_public_log (1 references) target prot opt source destination Chain INPUT_ZONES (1 references) target prot opt source destination IN_public all -- anywhere anywhere [goto] IN_public all -- anywhere anywhere [goto] Chain INPUT_ZONES_SOURCE (1 references) target prot opt source destination Chain INPUT_direct (1 references) target prot opt source destination Chain IN_public (2 references) target prot opt source destination IN_public_log all -- anywhere anywhere IN_public_deny all -- anywhere anywhere IN_public_allow all -- anywhere anywhere Chain IN_public_allow (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW Chain IN_public_deny (1 references) target prot opt source destination Chain IN_public_log (1 references) target prot opt source destination Chain OUTPUT_direct (1 references) target prot opt source destination [root@localhost ~]# 經過研究發現,應該要改用 firewall-cmd 命令 要暫時開放 http port,可執行 # firewall-cmd --add-service=http 要永久開放 http port,可執行 # firewall-cmd --permanent --add-service=http # systemctl restart firewalld 要停掉 [root@localhost ~]# systemctl stop firewalld 下面確認一下,真的停掉了 [root@localhost ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@localhost ~]# (下圖) 再從遠端連上網站看看,成功了 也就是 service iptables stop 無法停掉防火牆了 ( 看下面訊息該有支援,Bug 嗎 ?) [root@localhost ~]# service iptables The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl. 設定 httpd 隨作業系統啟動 systemctl enable httpd 其他常用 firewall-cmd 命令 # firewall-cmd --state # firewall-cmd --list-all # firewall-cmd --list-interfaces # firewall-cmd --get-service # firewall-cmd --query-service service_name # firewall-cmd --add-port=8080/tcp (完) 相關 [研究] CentOS 7.0 x64 的網站架設與防火牆 http://shaurong.blogspot.tw/2014/07/centos-linux-701406.html Installing LAMP (Linux, Apache, MariaDB, PHP/PhpMyAdmin) in RHEL/CentOS 7.0 http://www.tecmint.com/install-lamp-in-centos-7/
三、RED7中通过yum安装mongodb的官方步骤:
四、关于RED 7中关闭防火墙命令的描述如下:
http://linux.it.net.cn/CentOS/fast/2014/1102/7635.html