Linux Firewalld Setup - Failed again

KodeKloud Engineer
#1

Please help me to understand the question:

cat /etc/httpd/conf/httpd.conf | grep Listen
yum install firewalld -y
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld
firewall-cmd --state && firewall-cmd --reload

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
sudo systemctl restart firewalld
sudo firewall-cmd --zone=public --list-all
systemctl status nginx && systemctl status httpd

image
image1848×746 109 KB

#2

Did u allow nginx port and add LoadBalancer rich rule in the firewalld.

#3

I did the same:

image
image1776×872 124 KB

#4

@Inderpreet … nginx service is running on stapp01, still it says nginx is not reachable on app server 1

#5

firewall-cmd --zone=public --add-port=8098/tcp --permanent #Nginx
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=“ipv4” source address=“172.16.238.14” port port=3000 protocol=tcp accept’ #Forward traffic from LB to Apache

#6

Dont forget to add the interface
firewall-cmd --permanent --zone=public --change-interface=eth0

Validate your configuration
firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all

#7

Hi @Inderpreet I’m facing issue with the lab while doing the firewalld task
The service isn’t starting.

Screenshot from 2020-06-01 16-28-58
Screenshot from 2020-06-01 16-28-581920×1080 443 KB

#8

Hi,
Db exception can be fixed by restarting below services

sudo systemctl restart dbus
sudo systemctl restart firewalld
1 Like
#9

Try with this command iptables -F, its working for me, and just try to connect after using this command.

#10

Hi @ramith

i get an error when run last command (apache)

Linux firewalld_task
Linux firewalld_task821×140 5.57 KB

Could you please help me how to fix this.

#12

@yogendra you have to add a rich rule as I have mentioned :slight_smile:
firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=“ipv4” source address=“172.16.238.14” port port=5003 protocol=tcp accept’

#13

Hi ramith,

I get errors when running rich rule command:

image
image959×158 12.8 KB

is there something wrong with the command, i’m unable to complete this step

#14

I’ve had problems with single quote character

#15

Hey!
Try firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=ipv4 source address=172.16.238.14 port port=<apache_port> protocol=tcp accept’

#16

Thanks it worked later, as issue with " ’ "

#17

I used the below commands and the Nginx service is also running, but still, the task was failed.

sudo yum install firewalld -y
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --zone=public --add-port=8093/tcp --permanent
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=“ipv4” source address=“172.16.238.14” port port=5000 protocol=tcp accept’

kodecloud taks
kodecloud taks2758×1270 526 KB

@player001 @sudheer @AdithiR @Montbra @ramith @Inderpreet

#18

this task can be completed with few steps (questions are the major hints)
let me know if anyone needs help with this task.

#19

If any wanna know where made mistake gone through for better understanding

#20

@swatip

Seems like you haven’t blocked Apache port for all others except for LB host. What is the error you got after submitting the task ?

#21

For Tutorial/Solution