I thought that bindIp is to autorize the client IP (external) to connect to the MongoDB server. My MongoDB server is on the 18.104.22.168 and my client is on 22.214.171.124.
So I autorize to connect locally plus an external client (126.96.36.199).
Could you explain me why autorizing the mongoDB server IP (188.8.131.52) will autorize an external connection for a client (184.108.40.206)?
Should I bind: 127.0.0.1, 220.127.116.11 and 18.104.22.168 ?
By default the mongod process only binds to the localhost (127.0.0.1) loopback IP address which limits connections to those originating from the same host. The net.bindIP configuration value enables the process to bind to one or more local network interfaces.
Your real world use case is adding the 22.214.171.124 address to allow non-localhost connections.
You cannot bind to the external 126.96.36.199 IP address; this will result in a startup error for mongod similar to:
Failed to set up listener: SocketException: Can’t assign requested address
The only valid bind IPs are addresses for local network interfaces. For example:
Listening to 188.8.131.52 allows any client with an open route to this IP address and port combination to connect.
As @steevej noted, you need to configure a firewall to restrict remote access based on client IPs.
I strongly recommend configuring (and testing) role-based access control and network encryption before opening your deployment to broader network exposure. For more information on available security measures, please review the MongoDB Security Checklist.