08 Configure Firewall Rules


Overview

I was unable to connect to the OMS console due to firewall settings on CRONULLA.

References

Procedure

First Attempt

Based on 4.7 Configuring the System Firewall and 11 Configuring Enterprise Manager for Firewalls, I issued the following command to update the firewall:

iptables --insert INPUT 5 --proto tcp --match state --state NEW --match tcp -–dport 3872 --jump ACCEPT

And I got the following error messages:

iptables v1.4.7: option `-m' requires an argument
Try `iptables -h' or 'iptables --help' for more information.

Current Settings

Following the examples blindly from the manual did not get me anywhere, so I had to find out the real way to do things.

From the online help (via iptables --help), I discovered the following command:

iptables --list-rules INPUT

The result is:

-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED --jump ACCEPT
-A INPUT -p icmp --jump ACCEPT
-A INPUT -i lo --jump ACCEPT
-A INPUT -p tcp -m state --state NEW --match tcp --dport 22 --jump ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Rule numbers count only the -A lines (rules appended to the chain); the -P line sets the chain's default policy and is not a numbered rule.

Add a Simple Rule

I want to insert a rule before the catch-all rejection at rule #5. I tried the following command:

iptables --insert INPUT 5 --proto tcp --match state --state NEW --match tcp --dport 3872 --jump ACCEPT

The addition of the source address seemed to be causing problems, so I left it out. The absence of the source address does not concern me as I have a private network behind an internet firewall.

I listed the rules again for the INPUT chain:

-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED --jump ACCEPT
-A INPUT -p icmp --jump ACCEPT
-A INPUT -i lo --jump ACCEPT
-A INPUT -p tcp -m state --state NEW --match tcp --dport 22 --jump ACCEPT
-A INPUT -p tcp -m state --state NEW --match tcp --dport 3872 --jump ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Add the Other Rules

To complete the rules needed to satisfy 11 Configuring Enterprise Manager for Firewalls, I added the following, based on the ports configured in 07 Complete OMS 12.1.0.3.1 Installation:

iptables --insert INPUT 6 --proto tcp --match state --state NEW --match tcp --dport 4889 --jump ACCEPT
iptables --insert INPUT 7 --proto tcp --match state --state NEW --match tcp --dport 4903 --jump ACCEPT
iptables --insert INPUT 8 --proto tcp --match state --state NEW --match tcp --dport 7102 --jump ACCEPT
iptables --insert INPUT 9 --proto tcp --match state --state NEW --match tcp --dport 7202 --jump ACCEPT
iptables --insert INPUT 10 --proto tcp --match state --state NEW --match tcp --dport 7301 --jump ACCEPT
iptables --insert INPUT 11 --proto tcp --match state --state NEW --match tcp --dport 7403 --jump ACCEPT
iptables --insert INPUT 12 --proto tcp --match state --state NEW --match tcp --dport 7788 --jump ACCEPT
iptables --insert INPUT 13 --proto tcp --match state --state NEW --match tcp --dport 7802 --jump ACCEPT
iptables --insert INPUT 14 --proto udp --match udp --dport 3872 --jump ACCEPT
iptables --insert INPUT 15 --proto udp --match udp --dport 4889 --jump ACCEPT
iptables --insert INPUT 16 --proto udp --match udp --dport 4903 --jump ACCEPT
iptables --insert INPUT 17 --proto udp --match udp --dport 7102 --jump ACCEPT
iptables --insert INPUT 18 --proto udp --match udp --dport 7202 --jump ACCEPT
iptables --insert INPUT 19 --proto udp --match udp --dport 7301 --jump ACCEPT
iptables --insert INPUT 20 --proto udp --match udp --dport 7403 --jump ACCEPT
iptables --insert INPUT 21 --proto udp --match udp --dport 7788 --jump ACCEPT
iptables --insert INPUT 22 --proto udp --match udp --dport 7802 --jump ACCEPT

Checking the results:

[root@cronulla ~]# iptables --list-rules INPUT
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3872 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4889 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4903 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7102 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7202 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7301 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7403 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7788 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7802 -j ACCEPT
-A INPUT -p udp -m udp --dport 3872 -j ACCEPT
-A INPUT -p udp -m udp --dport 4889 -j ACCEPT
-A INPUT -p udp -m udp --dport 4903 -j ACCEPT
-A INPUT -p udp -m udp --dport 7102 -j ACCEPT
-A INPUT -p udp -m udp --dport 7202 -j ACCEPT
-A INPUT -p udp -m udp --dport 7301 -j ACCEPT
-A INPUT -p udp -m udp --dport 7403 -j ACCEPT
-A INPUT -p udp -m udp --dport 7788 -j ACCEPT
-A INPUT -p udp -m udp --dport 7802 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Save the Firewall Rules

I used the following command to save the running rules so that they persist across a reboot:

service iptables save
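To repeat the procedure above on another host without hard-coding rule numbers, here is an added example script (not from the original page): it locates the catch-all REJECT rule, inserts only the OMS port rules that are missing ahead of it, and then saves. It assumes the iptables 1.4.x command line shown above and that `service iptables save` exists, as on CRONULLA; IPTABLES is an assumed override for dry runs.

```shell
#!/bin/sh
# Added example, not from the original page: insert the OMS port rules just ahead of the
# catch-all REJECT without hard-coding rule numbers, skipping rules that already exist.
# Assumes the iptables 1.4.x CLI seen on CRONULLA; IPTABLES may point at a dry-run wrapper.
IPTABLES="${IPTABLES:-iptables}"
OMS_PORTS="3872 4889 4903 7102 7202 7301 7403 7788 7802"   # the ports listed on the page
# Constructed sample: the INPUT chain as first listed on the page, before any OMS rule.
SAMPLE_LISTING='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Read `iptables --list-rules INPUT` on stdin and print the number of the first REJECT
# rule. Only -A lines count (-P is the policy, not a rule); with no REJECT, one past the end.
reject_position() {
    awk '/^-A /{ n++; if ($0 ~ /-j REJECT/) { print n; found = 1; exit } }
         END { if (!found) print n + 1 }'
}
# True when the listing on stdin already accepts port $2 over protocol $1.
has_rule() { grep -q -- "^-A INPUT -p $1 .*--dport $2 -j ACCEPT\$"; }
# Match/target arguments for one port: TCP admits only NEW connections, as on the page. Plain
# ASCII hyphens: the "-–dport" of the first attempt holds a typographic dash iptables rejects.
rule_args() {
    if [ "$1" = tcp ]; then printf '%s' "-p tcp -m state --state NEW -m tcp --dport $2 -j ACCEPT"
    else printf '%s' "-p udp -m udp --dport $2 -j ACCEPT"; fi
}

# Print, one per line, the iptables commands that bring the listing on stdin up to date.
# Nothing is executed here; every insert pushes the REJECT rule one position further down.
plan_rules() {
    listing=$(cat)
    pos=$(printf '%s\n' "$listing" | reject_position)
    for proto in tcp udp; do
        for port in $OMS_PORTS; do
            if ! printf '%s\n' "$listing" | has_rule "$proto" "$port"; then
                printf '%s -I INPUT %s %s\n' "$IPTABLES" "$pos" "$(rule_args "$proto" "$port")"
                pos=$((pos + 1))
            fi
        done
    done
}
# Run the plan against the live chain, then persist it as the page does.
apply_rules() {
    $IPTABLES --list-rules INPUT | plan_rules | while IFS= read -r cmd; do $cmd || exit 1; done \
        && service iptables save
}
# Without "apply", only show the plan for the sample: 18 inserts at positions 5 to 22.
if [ "${1:-}" = apply ]; then apply_rules; else printf '%s\n' "$SAMPLE_LISTING" | plan_rules; fi
```

Run it as root with the single argument `apply` to change the live chain; without an argument it only prints the commands it would run for the sample listing.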

Success!

I am now able to access the OEM Console from RYDE.