IPtables Installation And Configuration-failed

Hi @player001 @akshayyw

I followed these step but taks is failed with error appache service not running, while its was running, screen shot given.

Steps:
sudo yum install iptables-services
sudo systemctl start iptables
sudo systemctl enable iptables


sudo iptables -A INPUT -p tcp --destination-port 6100 -s 172.16.238.14 -j ACCEPT
sudo iptables -A INPUT -p tcp --destination-port 6100 -j DROP
sudo service iptables save

Hello, @bilalshakir41396
Did you check is it reachable app01 server to LBR server?

No,

So what I have missed?

@player001 I am waiting for your response please.

No, issue. KKE team will look into it. I cannot check validation issues.

Thanks for your response @player001

@KodeKloud @kodekloud-support3 Can you check please?

You have to tag inderpreet and rahul456. They check validation and technical issues.

@Inderpreet @rahul456 Please check the validation issue for this task.

@bilalshakir41396 This is the original error you got for your task

 Apache service on App Server 1 is not reachable from LB host

Which means you didn’t add the correct rules in Iptable to open Apache access for LB host (as asked in the question) even though Apache service was up but if correct rules weren’t added then it won’t be reachable from LB host.

Thanks for the response,

Can you check the below commands I used to add the rules are correct?

sudo iptables -A INPUT -p tcp --destination-port 6100 -s 172.16.238.14 -j ACCEPT
sudo iptables -A INPUT -p tcp --destination-port 6100 -j DROP

Hello @Inderpreet and @player001

Please kindly check my instance and see where I went wrong.

I run sudo iptables-save to save rules with persistence after reboot on all app servers but has this error

  • rule was not added permanently on App Server 1

Hoping to hear from you soon.

In general, AFAIK, iptables save will save the existing rules in a text file, that you must manually load during boot or on every service restart. In Red Hat based distros however, you can edit /etc/sysconfig/iptables file and reload(or restart) the respective systemd service with systemctl reload iptables.

Dropping the traffic is redundant since you specified the source IP in the ACCEPT statement. It would be necessary if the ACCEPT statement was broader and needed to limit it, eg: ACCEPT an entire subnet and DROP a couple of hosts.

theoretically, if you are allowing ONLY a host, you should not allow the entire network.

try allowing " established, related " also…