I've been trying to setup my first production environment and was following along with Coda Hale's blog entry; I'm on a FreeBSD machine, so I've had to tweak a few things from the Linux based presentation. Generally most things have worked. However I'm having a minor difficulty with mongrel_cluster.
The cluster is configured and with the "address: 127.0.0.1" line commented out I was able to verify that the three mongrels were active. When I uncomment that line, commit, and redeploy, however the three mongrels are still responding to requests directly when the tutorial says they shouldn't be. I've also tried using "localhost" instead of 127.0.0.1 as I know sometimes different platforms special case that differently, but its behaving the same way.
Does anyone have any experience for what else I need to look at to "lock-down" the individual mongrels of a mongrel_cluster under FreeBSD?
Are you by any chance using a jail? If so, localhost/127.0.0.1 doesn't really exist... the only thing that the jail can bind to is the public IP address... which is why you're still able to request it...
What you could do if you don't want people hitting mongrel directly is in the host (assuming this is a jail issue) have the firewall block requests to that port on the public IP if it's coming from the outside world (based on inbound traffic on the external nic).
-philip