DOCS-6308: Elaborate on iptables w/ HTTP interface

i80and · i80and · commit b5b393edfc20 · 2016-12-08T16:12:04.000-05:00
diff --git a/source/tutorial/configure-linux-iptables-firewall.txt b/source/tutorial/configure-linux-iptables-firewall.txt
@@ -119,7 +119,7 @@ members of the replica set. Take the configuration outlined in the
 Traffic to and from a MongoDB Config Server
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Config servers, host the :term:`config database` that stores metadata
+Config servers host the :term:`config database` that stores metadata
 for sharded clusters. Each production cluster has three config
 servers, initiated using the :option:`mongod --configsvr`
 option. [#config-option]_ Config servers listen for connections on port
@@ -155,11 +155,9 @@ instances.
 Traffic to and from a MongoDB Shard Server
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-For shard servers, running as :option:`mongod --shardsvr`
-[#shard-option]_ Because the default port number is ``27018`` when running 
-with the ``shardsvr`` value for the :setting:`~sharding.clusterRole` setting, 
-you must configure the following ``iptables`` rules to allow traffic to and 
-from each shard:
+:ref:`Shard servers <sharding-background>` default to port number
+``27018``. You must configure the following ``iptables`` rules to allow
+traffic to and from each shard:
 
 .. code-block:: sh
 
@@ -187,11 +185,6 @@ Create a rule that resembles the following, and replace the
 
    iptables -A OUTPUT -d <ip-address> -p tcp --source-port 27018 -m state --state ESTABLISHED -j ACCEPT
 
-.. [#shard-option] You can also specify the shard server option with the
-   ``shardsvr`` value for the :setting:`~sharding.clusterRole` setting in the
-   configuration file. Shard members are also often conventional replica sets
-   using the default port.
-
 .. [#migrations] All shards in a cluster need to be able to
    communicate with all other shards to facilitate :term:`chunk` and
    balancing operations.
@@ -204,8 +197,12 @@ Provide Access For Monitoring Systems
    reach all components of a cluster, including the config servers,
    the shard servers, and the :program:`mongos` instances.
 
-#. If your monitoring system needs access the HTTP interface, insert
-   the following rule to the chain:
+#. If your monitoring system needs access to the MongoDB HTTP interface,
+   you must ensure the HTTP interface's port is open. The HTTP interface
+   listens on the :option:`port <--port>` of your :program:`mongod`
+   instance plus ``1000``. By default, this is port ``28017``.
+
+   Insert the following rule to your ``iptables`` chain:
 
    .. code-block:: sh
 
@@ -219,15 +216,15 @@ Provide Access For Monitoring Systems
    .. optional::
 
       For config server :program:`mongod` instances running with
-      the ``shardsvr`` value for the :setting:`~sharding.clusterRole` 
+      the ``shardsvr`` value for the :setting:`~sharding.clusterRole`
       setting, the rule would resemble the following:
 
       .. code-block:: sh
 
          iptables -A INPUT -s <ip-address> -p tcp --destination-port 28018 -m state --state NEW,ESTABLISHED -j ACCEPT
 
       For config server :program:`mongod` instances running with
-      the ``configsvr`` value for the :setting:`~sharding.clusterRole` 
+      the ``configsvr`` value for the :setting:`~sharding.clusterRole`
       setting, the rule would resemble the following:
 
       .. code-block:: sh
