Linux Firewalld Setup - Failed again

tanvir0102 · May 5, 2020, 3:52pm

Please help me to understand the question:

cat /etc/httpd/conf/httpd.conf | grep Listen
yum install firewalld -y
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld
firewall-cmd --state && firewall-cmd --reload

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
sudo systemctl restart firewalld
sudo firewall-cmd --zone=public --list-all
systemctl status nginx && systemctl status httpd

ramith · May 5, 2020, 4:45pm

Did u allow nginx port and add LoadBalancer rich rule in the firewalld.

tanvir0102 · May 5, 2020, 4:48pm

I did the same:

tanvir0102 · May 5, 2020, 4:49pm

@Inderpreet … nginx service is running on stapp01, still it says nginx is not reachable on app server 1

ramith · May 5, 2020, 5:58pm

firewall-cmd --zone=public --add-port=8098/tcp --permanent #Nginx
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=“ipv4” source address=“172.16.238.14” port port=3000 protocol=tcp accept’ #Forward traffic from LB to Apache

devops503 · May 25, 2020, 1:58am

Dont forget to add the interface
firewall-cmd --permanent --zone=public --change-interface=eth0

Validate your configuration
firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all

akshayyw · June 1, 2020, 11:00am

Hi @Inderpreet I’m facing issue with the lab while doing the firewalld task
The service isn’t starting.

svarma001c · June 15, 2020, 4:55pm

Hi,
Db exception can be fixed by restarting below services

sudo systemctl restart dbus
sudo systemctl restart firewalld

kiselia · June 17, 2020, 11:30am

Try with this command iptables -F, its working for me, and just try to connect after using this command.

yogendra · June 18, 2020, 11:18am

Hi @ramith

i get an error when run last command (apache)

Could you please help me how to fix this.

ramith · June 18, 2020, 1:12pm

@yogendra you have to add a rich rule as I have mentioned
firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=“ipv4” source address=“172.16.238.14” port port=5003 protocol=tcp accept’

sudheer · July 10, 2020, 4:41pm

Hi ramith,

I get errors when running rich rule command:

is there something wrong with the command, i’m unable to complete this step

Montbra · August 18, 2020, 12:45am

I’ve had problems with single quote character

AdithiR · August 31, 2020, 5:18pm

Hey!
Try firewall-cmd --permanent --zone=public --add-rich-rule=‘rule family=ipv4 source address=172.16.238.14 port port=<apache_port> protocol=tcp accept’