I followed these step but taks is failed with error appache service not running, while its was running, screen shot given.
Steps:
sudo yum install iptables-services
sudo systemctl start iptables
sudo systemctl enable iptables
No,
So what I have missed?
No, issue. KKE team will look into it. I cannot check validation issues.
You have to tag inderpreet and rahul456. They check validation and technical issues.
@bilalshakir41396 This is the original error you got for your task
Apache service on App Server 1 is not reachable from LB host
Which means you didn’t add the correct rules in Iptable to open Apache access for LB host (as asked in the question) even though Apache service was up but if correct rules weren’t added then it won’t be reachable from LB host.
Thanks for the response,
Can you check the below commands I used to add the rules are correct?
sudo iptables -A INPUT -p tcp --destination-port 6100 -s 172.16.238.14 -j ACCEPT
sudo iptables -A INPUT -p tcp --destination-port 6100 -j DROP
Hello @Inderpreet and @player001
Please kindly check my instance and see where I went wrong.
I run sudo iptables-save to save rules with persistence after reboot on all app servers but has this error
Hoping to hear from you soon.
In general, AFAIK, iptables save will save the existing rules in a text file, that you must manually load during boot or on every service restart. In Red Hat based distros however, you can edit /etc/sysconfig/iptables file and reload(or restart) the respective systemd service with systemctl reload iptables.
Dropping the traffic is redundant since you specified the source IP in the ACCEPT statement. It would be necessary if the ACCEPT statement was broader and needed to limit it, eg: ACCEPT an entire subnet and DROP a couple of hosts.
theoretically, if you are allowing ONLY a host, you should not allow the entire network.
try allowing " established, related " also…
why my task again is failed?
@Inderpreet @rahul456 @player001
I have used the commands as follows
sudo yum install iptables-services -y
sudo systemctl start iptables
sudo systemctl enable iptables
iptables -A INPUT -p tcp --destination-port 8083 -s 172.16.238.14 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 8083 -j DROP
sudo service iptables save
I think task still in your hand. You can take help of Review section. After getting your doubts clear. You can attempt again.
I shared for reviews, but everyone has same commands, already I used. Can you highlite my mistake? @player001
Notice that your command comes after the reject action , therefore all traffic blocked except ssh traffic. This is the most tricky question in sysadmins tasks. Hint: don’t use -A flag in this task
I think it will give an error. Add -I before INPUT.
