[Nix-dev] [NixOS] 127.0.0.1 in /etc/hosts

Mathijs Kwik mathijs at bluescreen303.nl
Thu Oct 11 00:17:56 CEST 2012


I was looking in the wrong place again.

Turns out nixos' mongo module defaults to binding to 127.0.0.1, which is a
secure default for people who don't have a firewall up.
Setting this to 0.0.0.0 fixes the issue.
Firewall seems unrelated.

Sorry for the confusion and thanks for your help.

On Wed, Oct 10, 2012 at 8:29 PM, Eelco Dolstra
<eelco.dolstra at logicblox.com> wrote:
> Hi,
>
> On 10/10/12 12:00, Mathijs Kwik wrote:
>
>> mongodb seems to connect to itself, but does so by hostname.
>> This used to resolve to lo(127.0.0.1), which the firewall fully trusts.
>> Now it resolves to eth0/wlan0 and the firewall rejects these requests
>> (I do not want external connections to it).
>
> Hm, I can't reproduce this (in 3.2.30).  Local traffic that connects to a local
> IP address appears to come in through the loopback interface, so it's always
> accepted.
>
> So when I drop the iptables rule that accepts all loopback traffic, I get
> firewall messages like:
>
> Oct 10 14:21:31 mandark kernel[7522]: [151059.852511] rejected connection: IN=lo
> OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.100.13.12
> DST=10.100.13.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25637 DF PROTO=TCP
> SPT=58166 DPT=1234 WINDOW=32792 RES=0x00 SYN URGP=0
>
> Note SRC/DST=10.100.13.12 and IN=lo.  10.100.13.12 is my wlan0 address.
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
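
Added example, not part of the original thread or of NixOS: a small parser for the kernel firewall log line quoted above that separates a local connection to the machine's own interface address (IN=lo with SRC equal to DST) from a genuinely remote one. The function names, the labels and the second log line are constructed for illustration; the "rejected connection:" prefix is taken from the quoted log line.

```python
import ipaddress
import re

# Log line quoted in the thread, joined back onto one line.
THREAD_LINE = (
    "Oct 10 14:21:31 mandark kernel[7522]: [151059.852511] rejected connection: "
    "IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.100.13.12 "
    "DST=10.100.13.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25637 DF PROTO=TCP "
    "SPT=58166 DPT=1234 WINDOW=32792 RES=0x00 SYN URGP=0"
)
# Constructed sample (not from the thread): another host reaching the port via wlan0.
REMOTE_LINE = (
    "Oct 10 14:22:02 mandark kernel[7522]: [151090.100000] rejected connection: "
    "IN=wlan0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=10.100.13.77 "
    "DST=10.100.13.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4411 DF PROTO=TCP "
    "SPT=40112 DPT=1234 WINDOW=29200 RES=0x00 SYN URGP=0"
)

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=value, value may be empty (OUT=)
FLAGS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # bare tokens without '='


def parse(line):
    """Split a netfilter LOG line into KEY=value fields plus bare flag tokens."""
    _, sep, body = line.partition("rejected connection:")
    body = body if sep else line  # fall back to the whole line if the prefix differs
    fields = dict(FIELD.findall(body))
    fields["FLAGS"] = sorted(t for t in body.split() if t in FLAGS)
    return fields


def classify(line):
    """Label where a logged packet came from, using its interface and addresses."""
    f = parse(line)
    src = ipaddress.ip_address(f["SRC"])
    dst = ipaddress.ip_address(f["DST"])
    if f["IN"] == "lo":
        if src == dst and not dst.is_loopback:
            # The case in the thread: own wlan0 address, but delivered over lo.
            return "local-to-own-interface-address"
        return "local-loopback"
    return "remote"


if __name__ == "__main__":
    for sample in (THREAD_LINE, REMOTE_LINE):
        print(classify(sample), parse(sample)["DPT"])
```

Only the second kind of line indicates traffic from another machine, which is the exposure to watch for once a service is bound to 0.0.0.0 instead of 127.0.0.1.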