To configure a remote MongoDB server to allow connections from a specific internal IP address, follow these steps:


1. Configure MongoDB to Bind to All Interfaces or Specific IPs

By default, MongoDB binds only to 127.0.0.1 (localhost), so a connection from any other host is refused before it reaches the database. Update the configuration so mongod also listens on the server's internal interface. Note that bindIp selects the local addresses mongod listens on; it does not restrict which clients may connect. Restricting clients is the firewall's job (section 2).

Steps:

1. Open MongoDB Configuration File: The file is typically located at /etc/mongod.conf on Linux.

sudo nano /etc/mongod.conf

2. Update the bindIp Setting: Set bindIp to a comma-separated list of the addresses mongod should listen on. Keep 127.0.0.1 so local administration keeps working, and add the server's own internal interface address (not the client's address):

net:
  port: 27017
  bindIp: 127.0.0.1,<server-internal-ip>  # the MongoDB server's own internal address, e.g. its 192.168.x.x interface

Setting bindIp to 0.0.0.0 (or bindIpAll: true) makes mongod listen on every interface, including any public one. Only do that on a host with no public interface, and only together with a firewall rule that limits port 27017 to the intended clients.

3. Restart MongoDB: Apply the changes by restarting the MongoDB service, then confirm that mongod is listening on the addresses you expect and nothing else (ss -ltnp lists the listening sockets with their owning process).

sudo systemctl restart mongod

2. Configure Firewall to Allow Connections

Ensure that your system’s firewall allows traffic to MongoDB’s port (27017 by default) from the client machine only and blocks it from everywhere else. The examples use 192.168.1.100 as the client's address.

Steps for UFW (Ubuntu):

  1. Allow access from the specific internal IP (TCP only): sudo ufw allow from 192.168.1.100 to any port 27017 proto tcp
  2. Make sure every other source is denied: the default incoming policy must be deny (sudo ufw default deny incoming) and the firewall must be active (sudo ufw enable).
  3. Check the firewall status: sudo ufw status verbose

Steps for Iptables:

  1. Add a rule for the specific internal IP: sudo iptables -A INPUT -p tcp -s 192.168.1.100 --dport 27017 -j ACCEPT
  2. Drop the port for everyone else. This rule must be evaluated after the ACCEPT: sudo iptables -A INPUT -p tcp --dport 27017 -j DROP
     If the INPUT chain already ends with a REJECT or DROP rule, use -I instead of -A for both rules so they are placed ahead of it.
  3. Persist the rules. iptables-save only prints the rule set to standard output; it does not save anything. With the iptables-persistent package installed run sudo netfilter-persistent save, or write the file yourself: sudo iptables-save | sudo tee /etc/iptables/rules.v4

3. Configure MongoDB Authentication

Ensure MongoDB requires authentication before it becomes reachable from the network. With authorization disabled, anyone who can reach port 27017 has full access to every database. If it’s not already enabled:

  1. Enable Authentication: Edit /etc/mongod.conf and add:

security:
  authorization: enabled

2. Create an Admin User: Access the MongoDB shell on the server itself and create a user with administrative privileges. Do this before restarting with authorization enabled, or right after: the localhost exception lets the first user be created over a local connection while no users exist yet.

To install MongoDB Shell, follow the official instructions here: https://www.mongodb.com/docs/mongodb-shell/install/

mongosh
use admin
db.createUser({
  user: "admin",
  pwd: passwordPrompt(),  // prompts for the password instead of leaving it in the shell history
  roles: [{ role: "userAdminAnyDatabase", db: "admin" }]
})

userAdminAnyDatabase only manages users and roles; it grants no access to application data. Create a separate least-privilege user for the application, scoped to its own database (myapp is a placeholder for your database name):

use myapp
db.createUser({
  user: "app_user",
  pwd: passwordPrompt(),
  roles: [{ role: "readWrite", db: "myapp" }]
})

Restart MongoDB:

sudo systemctl restart mongod
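The settings changed in sections 1 and 3 (bindIp, authorization, and the TLS mode recommended in the security notes) are easy to get subtly wrong, for example leaving 0.0.0.0 in bindIp after a test. The script below is an added example for this guide, not code from the original page or from MongoDB. It audits a mongod.conf for those settings before you restart. It reads the YAML line by line with sed, so it assumes the one-key-per-line layout used in the snippets above (not arbitrary YAML) and that the only mode: key in the file is net.tls.mode. The two sample configs, including the server address 192.168.1.10 and the certificate path, are constructed for the example.

```shell
#!/usr/bin/env bash
# Audit a mongod.conf for the settings this guide changes: net.bindIp / net.bindIpAll,
# security.authorization and net.tls.mode. Reads the YAML one key per line with sed,
# so it assumes the layout used in the guide, not arbitrary YAML.

# Constructed sample configs (not real servers): the weak one a hastily "opened" server
# often ends up with, and the corrected one. 192.168.1.10 is an assumed server address.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
net:
  port: 27017
  bindIp: 0.0.0.0        # listens on every interface, no auth, no TLS
EOF

GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1,192.168.1.10   # loopback plus the server's own internal address
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: "enabled"
EOF

# yaml_value FILE KEY: value of the first "KEY: value" line, with comment and quotes stripped.
yaml_value() {
  sed -nE "s/^[[:space:]]*$2:[[:space:]]*([^#]*).*/\1/p" "$1" \
    | head -n 1 | sed -E 's/[[:space:]]+$//' | tr -d "\"'"
}

# audit_mongod_conf FILE: prints one OK/FAIL line per check; returns 1 if anything failed.
audit_mongod_conf() {
  local conf="$1" rc=0 ip bind_all bind_ip authz tls_mode
  bind_all=$(yaml_value "$conf" bindIpAll)
  bind_ip=$(yaml_value "$conf" bindIp)
  authz=$(yaml_value "$conf" authorization)
  tls_mode=$(yaml_value "$conf" mode)      # assumes the only "mode:" key is net.tls.mode

  if [ "$bind_all" = "true" ]; then
    echo "FAIL bindIpAll: true listens on every interface"; rc=1
  fi
  if [ -z "$bind_ip" ]; then
    echo "OK   bindIp unset; mongod defaults to 127.0.0.1"
  else
    # bindIp is a comma-separated list; any wildcard entry exposes every interface
    for ip in $(printf '%s' "$bind_ip" | tr ',' ' '); do
      case "$ip" in
        0.0.0.0|::) echo "FAIL bindIp contains $ip (all interfaces)"; rc=1 ;;
        *)          echo "OK   bindIp $ip" ;;
      esac
    done
  fi
  if [ "$authz" = "enabled" ]; then
    echo "OK   authorization enabled"
  else
    echo "FAIL authorization is '${authz:-unset}'; expected enabled"; rc=1
  fi
  if [ "$tls_mode" = "requireTLS" ]; then
    echo "OK   tls mode requireTLS"
  else
    echo "FAIL tls mode is '${tls_mode:-unset}'; expected requireTLS"; rc=1
  fi
  return "$rc"
}

echo "== weak config =="
audit_mongod_conf "$WEAK_CONF" || echo "-> would not pass review"
echo "== corrected config =="
audit_mongod_conf "$GOOD_CONF" && echo "-> passes"
```

Run it as audit_mongod_conf /etc/mongod.conf in a deploy check so a non-zero exit blocks the restart; the per-entry loop over bindIp is what catches a 0.0.0.0 hidden in an otherwise sensible list.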

4. Whitelist IPs in Cloud-Based MongoDB (Optional)

If using a cloud MongoDB service (e.g., MongoDB Atlas), the server configuration above is not yours to edit; restrict clients in the provider's access list instead:

  1. Log into the cloud provider’s dashboard.
  2. Navigate to the “Network Access” or “IP Access List” (formerly “IP Whitelist”) section.
  3. Add the client's address or CIDR block. The provider sees the address the connection arrives from, so a private range such as 192.168.1.0/24 only works when the cluster is reached over VPC/VNet peering or a private endpoint; for a connection over the public internet, enter the client network's public egress IP.
  4. Save the changes.

5. Test the Connection

From the internal machine (e.g., with IP 192.168.1.100), test the connection. Omit the password from the command line so mongosh prompts for it instead of recording it in the shell history and exposing it in the process list:

  1. Using the MongoDB shell: mongosh --host <remote-ip> --port 27017 -u "admin" --authenticationDatabase "admin"
  2. Using a connection string: mongosh "mongodb://admin@<remote-ip>:27017/admin"

A timeout or "connection refused" points at the firewall or bindIp; an "Authentication failed" error means the network path works and the credentials or the authenticationDatabase are wrong.

6. Monitor Access Logs

To verify successful connections and troubleshoot issues, check MongoDB logs. Since MongoDB 4.4 each log line is a JSON document: accepted connections are logged by the NETWORK component ("c":"NETWORK") and authentication results by the ACCESS component ("c":"ACCESS"), each carrying the client's address in attr.remote:

sudo tail -f /var/log/mongodb/mongod.log
sudo grep '"c":"ACCESS"' /var/log/mongodb/mongod.log
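Tailing the log shows individual events; what a practitioner actually wants after opening the port is two answers: which clients are failing to authenticate, and whether any address other than the one allowed through the firewall has reached the listener at all. The script below is an added example, not code from the original page or from MongoDB. It uses grep and sed only, so it runs on a bare server without jq. The message strings ("Authentication failed", "Connection accepted") and the attr.remote field follow the 4.4+ JSON log layout and should be checked against your own log if a newer server renames anything; it handles IPv4 addresses only. The sample log lines, the client addresses 192.168.1.100 and 10.0.0.7, and the error text are constructed for the example.

```shell
#!/usr/bin/env bash
# Pull the security-relevant events out of a mongod JSON log (the format used since 4.4):
# failed authentications per client address, and client addresses that connected but are
# not on the allow list. grep/sed only, so it works on a bare server without jq.
# Message strings and attr.remote follow the 4.4+ layout (assumed; verify against your log).
# IPv4 addresses only.

# Constructed sample log (not a real capture): the allowed client 192.168.1.100 mistypes
# its password once and then logs in; 10.0.0.7, which the firewall should have blocked,
# connects and fails three times.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
{"t":{"$date":"2024-05-01T12:00:00.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"192.168.1.100:51234","connectionId":12}}
{"t":{"$date":"2024-05-01T12:00:00.050+00:00"},"s":"I","c":"ACCESS","id":20251,"ctx":"conn12","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"192.168.1.100:51234","error":"AuthenticationFailed: SCRAM authentication failed, storedKey mismatch"}}
{"t":{"$date":"2024-05-01T12:00:05.000+00:00"},"s":"I","c":"ACCESS","id":20250,"ctx":"conn12","msg":"Authentication succeeded","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"192.168.1.100:51234"}}
{"t":{"$date":"2024-05-01T12:01:00.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"10.0.0.7:40001","connectionId":13}}
{"t":{"$date":"2024-05-01T12:01:00.100+00:00"},"s":"I","c":"ACCESS","id":20251,"ctx":"conn13","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"10.0.0.7:40001","error":"AuthenticationFailed: SCRAM authentication failed, storedKey mismatch"}}
{"t":{"$date":"2024-05-01T12:01:01.100+00:00"},"s":"I","c":"ACCESS","id":20251,"ctx":"conn13","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"root","authenticationDatabase":"admin","remote":"10.0.0.7:40001","error":"UserNotFound: Could not find user root for db admin"}}
{"t":{"$date":"2024-05-01T12:01:02.100+00:00"},"s":"I","c":"ACCESS","id":20251,"ctx":"conn13","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-256","principalName":"admin","authenticationDatabase":"admin","remote":"10.0.0.7:40001","error":"AuthenticationFailed: SCRAM authentication failed, storedKey mismatch"}}
EOF

# remote_ip: reads log lines on stdin, prints the client IP from attr.remote ("IP:port").
remote_ip() {
  sed -nE 's/.*"remote":"([0-9.]+):[0-9]+".*/\1/p'
}

# failed_auth_by_ip LOG: one "<count> <ip>" line per client, most failures first.
failed_auth_by_ip() {
  grep -F '"msg":"Authentication failed"' "$1" | remote_ip \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# unexpected_sources LOG ALLOWED_IP...: client IPs that opened a connection but are not in
# the allow list. Any output means the firewall or bindIp is not doing its job.
unexpected_sources() {
  local log="$1"; shift
  local allowed=" $* "
  grep -F '"msg":"Connection accepted"' "$log" | remote_ip | sort -u \
    | while read -r ip; do
        case "$allowed" in
          *" $ip "*) ;;
          *) echo "$ip" ;;
        esac
      done
}

echo "== failed authentications per client =="
failed_auth_by_ip "$SAMPLE_LOG"
echo "== connections from addresses outside the allow list =="
unexpected_sources "$SAMPLE_LOG" 192.168.1.100
```

Point both functions at /var/log/mongodb/mongod.log and pass the firewall's allowed client addresses to unexpected_sources; a single failure from the allowed client is a typo, but any entry from an address outside the list shows that traffic is reaching the listener that the firewall should have dropped, which is worth fixing before looking at the failed logins themselves.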

Security Notes

  • Never expose MongoDB to the entire internet. bindIp limits the interfaces mongod listens on and the firewall limits which clients may connect; you need both, and bindIp alone restricts nothing once it includes a routable address.
  • Use strong, unique passwords, keep them off the command line, and enable TLS (net.tls.mode: requireTLS with a certificateKeyFile) so credentials and data are not sent in the clear across the network.
  • Give application users only the roles they need on their own database; keep userAdminAnyDatabase for administration.
  • Regularly review and update IP whitelists and firewall rules, and watch the log for authentication failures or connections from addresses you did not allow.