问题
I setup the VPC as described here: http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
And I have a box in the private subnet, that I want to use as a mongo box. The private IP is 10.0.1.51.
I can connect to mongod instance over localhost, but not over the private IP:
ubuntu@ip-10-0-1-51:~$ mongo localhost
connecting to: localhost
> this works
> ^Cubuntu@ip-10-0-1-51:~$ mongo 10.0.1.51
Fri Sep 21 02:23:18 Error: couldn't connect to server 10.0.1.51 shell/mongo.js:81
exception: connect failed
ubuntu@ip-10-0-1-51:~$
The security group allows incoming and outgoing port 27017.
The route table has
10.0.0.0/16 local
entry.
What am I missing?
回答1:
Three things affect network connectivity on Amazon VPC.
- Route tables - the default one should be sufficient.
- Security Groups - double checking wouldn't hurt.
- Network ACLs - though I can't remember the default rule, it may be DENY. These can be modified under the VPC tab in the AWS console. These rules are unlink security groups, says Amazon, "Network ACLs are stateless, which means for any given request you want to handle, you must create rules in both directions."
My guess is that it's your ACLs, since you didn't mention them in your original post.
回答2:
The problem was actually in mongodb config, not the routing tables. MongoDB, like MySQL, needs to allow connections from a specific host.
In mongodb.conf:
bind_ip = <%= @bind_ip || '127.0.0.1' %>
port = <%= @port || '27017' %>
Where @bind_ip and @port are the IP and port of your server as it appears to the client nodes.
来源:https://stackoverflow.com/questions/12523460/how-to-open-mongo-port-in-amazon-aws-vpc-private-subnet