iptables blocking local connection to mongodb

I have a VM (Ubuntu 12.04.4 LTS) with mongodb (2.0.4) that I want to restrict with iptables to only accepting SSH (in/out) and nothing else. This is what my setup script looks like to set up the rules:

    #!/bin/sh
    # DROP everything
    iptables -F
    iptables -X
    iptables -P FORWARD DROP
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    # input
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -s -j ACCEPT # accept all ports for local conns
    # output
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT # ssh

But with these rules activated, I can't connect to mongodb locally.

    ubuntu ~ $ mongo
    MongoDB shell version: 2.0.4
    connecting to: test
    Fri Mar 28 09:40:40 Error: couldn't connect to server shell/mongo.js:84
    exception: connect failed

Without them, it works fine. Is there any special firewall case one needs to consider when deploying mongodb?

I tried installing mysql, and it works perfectly for local connections. SSH works as expected (can connect from outside and inside).

The iptables rules look like this once set:

    ubuntu ~ $ sudo iptables -nvL
    Chain INPUT (policy DROP 8 packets, 1015 bytes)
     pkts bytes target prot opt in out source destination
      449  108K ACCEPT all  --  *  *  state RELATED,ESTABLISHED
        0     0 ACCEPT all  --  *  *
        0     0 ACCEPT tcp  --  *  *  tcp dpt:22
        0     0 ACCEPT tcp  --  *  *  tcp dpt:80
       32  2048 ACCEPT tcp  --  *  *  tcp dpt:443

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy DROP 27 packets, 6712 bytes)
     pkts bytes target prot opt in out source destination
      379  175K ACCEPT all  --  *  *  state RELATED,ESTABLISHED
        0     0 ACCEPT tcp  --  *  *  tcp dpt:22


Outbound traffic must be accepted for the loopback interface as well.

Adding this made it work:

    iptables -A OUTPUT -o lo -j ACCEPT


You might want to try substituting the line

    iptables -A INPUT -s -j ACCEPT

with

    iptables -A INPUT -i lo -j ACCEPT
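Putting both answers together, here is an added example (not the poster's script and not part of either answer) of the same "SSH only" policy with loopback accepted in both the INPUT and OUTPUT chains, emitted in iptables-restore format so the rule set can be reviewed and then loaded atomically. It assumes mongod is listening on the loopback address at MongoDB's default port 27017 and sshd on tcp/22; the function names and the `--apply` switch are this example's own.

```shell
#!/bin/sh
# Added example, not the original poster's script. Emits the "SSH only"
# ruleset from the question with the loopback fixes from both answers
# (-i lo in INPUT, -o lo in OUTPUT) in iptables-restore format.
# Assumptions: mongod listens on 127.0.0.1:27017 (MongoDB's default port),
# sshd on tcp/22, and nothing else is meant to be reachable.

build_ruleset() {
    cat <<'EOF'
*filter
# Default deny in every direction, as in the question's script.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Loopback must be allowed in BOTH chains. A local "mongo" client sends its
# first SYN out through lo; that packet is state NEW, so the ESTABLISHED rule
# below cannot match it, and with OUTPUT policy DROP it is silently dropped,
# which is exactly the "connect failed" seen in the question.
# Matching on the interface (-i lo / -o lo) rather than a source address also
# covers every 127.0.0.0/8 address and ::1 (for ip6tables), which is why the
# second answer prefers it over "-s <address>".
-A INPUT  -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Replies to connections already accepted in the other direction.
-A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Inbound SSH from anywhere, outbound SSH as in the original script.
-A INPUT  -p tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT

# No rule for tcp/27017 is needed: local MongoDB traffic is covered by the
# lo rules, and remote clients stay blocked by the INPUT DROP policy.
COMMIT
EOF
}

# Quick self-check used before loading: a correct ruleset carries exactly one
# loopback ACCEPT in INPUT and one in OUTPUT (returns the count on stdout).
loopback_rule_count() {
    build_ruleset | grep -c -E -- '^-A (INPUT +-i|OUTPUT +-o) lo -j ACCEPT'
}

# Load the ruleset atomically; refuses to run unless root.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_ruleset: must run as root" >&2; return 1; }
    [ "$(loopback_rule_count)" -eq 2 ] || { echo "apply_ruleset: loopback rules missing" >&2; return 1; }
    build_ruleset | iptables-restore
}

case "${1:-}" in
    --apply) apply_ruleset ;;
    *)       build_ruleset ;;   # default: print the ruleset for review
esac
```

Run it without arguments to print the ruleset, and with `--apply` as root to load it. Because iptables-restore replaces the whole filter table in one step, there is no window in which only half of the rules are active, and an error anywhere in the file leaves the previous rules untouched.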


