Thursday, August 14, 2014

Linux OS firewall (IPv4 packet filter rules) blocking http connection


In this article I want to share a small solution that we found after struggling a bit. In our lab environment we had two virtual servers: 1) vff-soa-vs01 and 2) vff-soa-vs02. We installed the admin server on vff-soa-vs01 on a port in the higher range, e.g. 10001, and it was running successfully, as could be verified in the adminserver.out log and with the netstat and ps -ef | grep weblogic commands.

However, when we tried to access this admin server from the other virtual server, vff-soa-vs02, the connection never succeeded. It could not be opened from a Windows desktop machine either.

Basic connectivity between the two virtual servers was working perfectly. These were the facts we observed:

1)    vff-soa-vs01 responded to ping from the vff-soa-vs02 server.
2)    The vff-soa-vs02 server was able to telnet to the vff-soa-vs01 server on port 22.
3)    vff-soa-vs02 was not able to telnet to port 10001 on the vff-soa-vs01 machine.
4)    The admin server was running on vff-soa-vs01 without any problem, which could be verified using the netstat and ps commands and the log files.
5)    The admin server URL was not accessible from a browser.

After troubleshooting a bit, we came across the OS-level firewall, which is implemented using the “iptables” command.

The easiest way to fix this problem is to stop the ‘iptables’ service using the command below, if you have already implemented firewalls at the web tier, application tier and database tier:

service iptables stop

If you want iptables to stay stopped permanently, so that it no longer starts at boot, use the command below:

chkconfig iptables off


Alternatively, you can add a specific rule to iptables to allow your systems' IP addresses to communicate with each other. For detailed information about the iptables command and its configuration, look for other articles; I found the URLs below useful:

http://www.thegeekstuff.com/2011/06/iptables-rules-examples/
http://ipset.netfilter.org/iptables.man.html
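
The "specific rule" alternative mentioned above, worked through as an added example (not part of the original post): it evaluates a ruleset by first match to show why ping and port 22 pass while port 10001 is rejected, then adds one narrow allow rule. The ruleset, the peer address 192.0.2.12 and the function names are assumptions made for illustration.

```shell
# Constructed sample in `iptables -S` format, modelled on a stock RHEL/CentOS 6
# ruleset (assumption: the page does not show the rules that were loaded).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# verdict RULES SRC_IP PORT: first-match result for a NEW inbound TCP connection
# on a non-loopback interface. Simplified: single ports and /32 sources only.
verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v port="$3" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p" && $(i+1) != "tcp") ok = 0
            if ($i == "-i" && $(i+1) == "lo") ok = 0
            if ($i == "--state" && ("," $(i+1) ",") !~ /,NEW,/) ok = 0
            if ($i == "--dport" && $(i+1) != port) ok = 0
            if ($i == "-s" && $(i+1) != src && $(i+1) != (src "/32")) ok = 0
            if ($i == "-j") target = $(i+1)
        }
        if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# allow_rule SRC_IP PORT: narrow ACCEPT rule for one peer and one port.
allow_rule() {
    printf '%s\n' "-A INPUT -s $1/32 -p tcp -m state --state NEW -m tcp --dport $2 -j ACCEPT"
}

# with_rule RULES RULE: RULES with RULE placed just above the catch-all REJECT,
# the position `iptables -I INPUT <n>` would give it on a live system.
with_rule() {
    printf '%s\n' "$1" | awk -v new="$2" '
    !done && /^-A INPUT -j REJECT/ { print new; done = 1 }
    { print }'
}

PEER=192.0.2.12   # constructed address standing in for vff-soa-vs02
echo "port 22 before:    $(verdict "$SAMPLE_RULES" "$PEER" 22)"
echo "port 10001 before: $(verdict "$SAMPLE_RULES" "$PEER" 10001)"
FIXED=$(with_rule "$SAMPLE_RULES" "$(allow_rule "$PEER" 10001)")
echo "port 10001 after:  $(verdict "$FIXED" "$PEER" 10001)"
```

On a real host, compare against the output of `iptables -S INPUT` and keep the allow rule above the final REJECT, since a rule appended after it is never reached.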

Once we stopped the iptables service, the admin console URL immediately started working.





I hope the above information, although very concise, helps you fix your access problem.