• Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (6)

1 Puneet Babbar commented Permalink

I tried using the iptables based approach on the image i have provisioned to enable some ports, but when i issue the command, i get an error
# service iptables start
service: no such service iptables

i checked that the iptables rpm was installed and commands like iptables -L were also working, but i just couldnt start it as a service.
Any ideas on how to proceed?

2 Benjamin Weissman commented Permalink

I have noticed that there are no firewall - rules section in the RTC deployment. Was is the default behavior when there are no firewall settings in the parameters.xml file?

3 Nicolouw Kruger commented Permalink

Hi there

I posted this here under "Support" of Dev/Test and also on SBY page...
No responses there yet -
Am trying to work out of the above posting applies 100% to SBY based instances, or not?
If not - then what applies there - PLEASE
Please advise this is urgent

4 Dmitry Rekesh commented Permalink

Ok just a few comments:

a. the "service" command is located under /sbin, so you can always do /sbin/service iptables start
to overcome any path issues;
b. The default behavior - on the hypervisor in the pilot -- is to lock down everything but 22, 443, 80.

5 Nicolouw Kruger commented Permalink

HI there

Some feedback re this
We are working on the SBY cloud, not sure if all is same vs. POK and RTC instances...
We have used IPtables with success, as per Dmitry's notes...
This is true for "run of mill" images like RHEL x32bit, no fancy stuff on top
However, the issue happens when one runs "out of normal" images
e.g. we used the DB2 enterprise image on top of RHEL x64
It comes with locked down ports, no matter what we do in IPtables...
e..g we cannot open port 18080 (its just a test)
only the minimal DB2 ports are open
If we stop IPtables then only the DB2 ports remain open
Meaning IPtables is kind of useless on these images...
Point is; the IPtables behaviour is subject to the hypervisor level
So, unless the image is OK at hypervisor level, then you are stuffed
That is how we read this - please advise IF otherwise...

6 Dmitry Rekesh commented Permalink

To Nick's comment -- all is not lost!

Just capture an image of that instance of yours, then edit parameters.xml and re-provision.
Hope this helps -- Dima

Add a Comment Add a Comment