IP Binding

Overview

Starting in MongoDB 3.6, MongoDB binaries, mongod andmongos, bind to localhost by default. If thenet.ipv6 configuration file setting or the —ipv6command line option is set for the binary, the binary additionally bindsto the localhost IPv6 address.

Considerations

Warning

Make sure that your mongod and mongosinstances are only accessible on trusted networks. If your systemhas more than one network interface, bind MongoDB programs to theprivate or internal network interface.

To override and bind to other ip addresses, you can use thenet.bindIp configuration file setting or the—bind_ip command-line option to specify a list of hostnames or ipaddresses.

Warning

Before binding to a non-localhost (e.g. publicly accessible)IP address, ensure you have secured your cluster from unauthorizedaccess. For a complete list of security recommendations, seeSecurity Checklist. At minimum, considerenabling authentication andhardening network infrastructure.

For example, the following mongod instance binds to boththe localhost and the hostname My-Example-Associated-Hostname, which isassociated with the ip address 198.51.100.1:

  1. mongod --bind_ip localhost,My-Example-Associated-Hostname

In order to connect to this instance, remote clients must specifythe hostname or its associated ip address 198.51.100.1:

  1. mongo --host My-Example-Associated-Hostname
  2.  
  3. mongo --host 198.51.100.1

To bind to all IPv4 addresses, you can specify the bind ip address of0.0.0.0. To bind to all IPv4 and IPv6 addresses, you can specifythe bind ip address of ::,0.0.0.0 or alternatively, use the newnet.bindIpAll setting or the new command-line option—bind_ip_all.

See also

Firewalls, Security Considerations