Distributed installations with Application, Loader, or Directory Servers on RHEL

When you deploy the Application, Directory or Loader servers on RHEL as part of a distributed installation, configure the firewall on each RHEL server to allow communication to and from each of the other servers, regardless of the operating system.

About this task

To allow distributed installations with Application, Loader or Directory Servers on RHEL, configure the iptables rules on each RHEL system, using the IP addresses of the other servers, as follows:

Procedure

  1. Determine whether a firewall is enabled, and which one.
    For RHEL 7.x:
    • Checking status:
      systemctl status firewalld
      systemctl status iptables
    • Stopping the firewall:
      service firewalld stop
    • Starting the firewall:
      service firewalld start
    Note: The rules in the following steps are written to /etc/sysconfig/iptables, which is loaded only by the iptables service (package iptables-services). That service conflicts with firewalld and cannot run alongside it, so on a host that runs firewalld either stop and disable firewalld and enable the iptables service, or add the equivalent rules with firewall-cmd instead. If no firewall is enabled, you do not need to complete the following instructions. Ignore the remainder of this section.
  2. Allow a server through the RHEL firewall by editing the /etc/sysconfig/iptables file as user root and specifying the server IP address. (Do not edit /etc/sysconfig/iptables-config; that file holds only module and save options, not rules.) For each server, place an entry similar to the following after the first -A RH-Firewall-1-INPUT entry in the file:
    -A RH-Firewall-1-INPUT -p all -s <IP address> -j ACCEPT
    This entry allows access from the specified server through the firewall on all ports. It matches on source address only, so use it for the other servers of the installation and nothing else; where a server needs only particular ports, add --dport rules for that address instead of -p all.
  3. Ensure that you add the following ports to allow clients to access the application server and alarms component. Enter each entry on a single line (note the two dashes in --dport):
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport <ASHTTPPORT> -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport <ASJRMPINVOKPORT> -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport <ORACLEPORT> -j ACCEPT
    Each of these rules accepts new connections from any source address. Where the set of clients is known, add -s <network>/<prefix> to each rule to restrict it.
  4. Substitute the correct port numbers for <ASHTTPPORT>, <ASJRMPINVOKPORT>, and <ORACLEPORT>. Here is an example of how the /etc/sysconfig/iptables file looks afterward; the example uses 8080, 4444 and 1521 for the three ports, and the ACCEPT entries must all appear before the final REJECT rule:
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p all -s <IP address> -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 4444 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
  5. Run the following command as user root to load the new rules (on RHEL 7.x, systemctl restart iptables is equivalent):
    # service iptables restart
    Check the result with iptables -L RH-Firewall-1-INPUT -n --line-numbers: the entries for the other servers and for the client ports must be listed before the REJECT rule.
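The following POSIX shell script is an added example and is not part of the product documentation. It carries out steps 2 to 5 of the procedure for one host: it validates the peer addresses and client ports, generates the complete /etc/sysconfig/iptables ruleset shown in step 4, checks it with a parse-only iptables-restore, and installs it. It assumes the iptables service (iptables-services) is in use rather than firewalld; the script name iptables-rules.sh and the 192.0.2.x addresses are placeholders, and the ports 8080, 4444 and 1521 are taken from the example in step 4.

```shell
#!/bin/sh
# Added example (not the product's own code): build and install the
# RH-Firewall-1-INPUT ruleset from the procedure above.
# Assumption: the iptables service (iptables-services) is used, not firewalld.
set -eu

# Return 0 if $1 is a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  addr=$1
  case "$addr" in
    .*|*.|*..*) return 1 ;;        # leading, trailing or doubled dot
  esac
  count=0
  old_ifs=$IFS
  IFS=.
  for octet in $addr; do
    case "$octet" in
      ''|*[!0-9]*) IFS=$old_ifs; return 1 ;;
    esac
    [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    count=$((count + 1))
  done
  IFS=$old_ifs
  [ "$count" -eq 4 ]
}

# Print the complete /etc/sysconfig/iptables ruleset to stdout.
#   $1: space-separated IPv4 addresses of the other servers (all ports accepted)
#   $2: space-separated TCP ports that clients may reach on this server
# Inputs are validated first so that nothing is printed for a bad list.
gen_rules() {
  peers=$1
  ports=$2
  for ip in $peers; do
    valid_ipv4 "$ip" || { echo "gen_rules: bad address: $ip" >&2; return 1; }
  done
  for port in $ports; do
    valid_port "$port" || { echo "gen_rules: bad port: $port" >&2; return 1; }
  done
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
EOF
  # Step 2: one all-ports ACCEPT per peer server, right after the lo entry.
  for ip in $peers; do
    printf -- '-A RH-Firewall-1-INPUT -p all -s %s -j ACCEPT\n' "$ip"
  done
  cat <<'EOF'
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
  # Step 3: client-reachable ports, open to any source as in the procedure.
  for port in $ports; do
    printf -- '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' "$port"
  done
  cat <<'EOF'
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Steps 4 and 5: parse-only check of the generated file, then install it
# readable by root only and reload the service. Must run as root.
apply_rules() {
  rules_file=$1
  iptables-restore --test "$rules_file"
  install -m 0600 -o root -g root "$rules_file" /etc/sysconfig/iptables
  systemctl restart iptables      # RHEL 7.x; "service iptables restart" on 6.x
}

# Usage (hypothetical script name, RFC 5737 placeholder addresses):
#   sh iptables-rules.sh --apply "192.0.2.11 192.0.2.12" "8080 4444 1521"
if [ "${1:-}" = "--apply" ]; then
  [ $# -eq 3 ] || { echo "usage: $0 --apply \"<peer IPs>\" \"<ports>\"" >&2; exit 2; }
  tmp=$(mktemp)
  gen_rules "$2" "$3" > "$tmp"
  apply_rules "$tmp"
  rm -f "$tmp"
fi
```

Run it without --apply to source the functions only; gen_rules can be redirected to a file for review before apply_rules touches the live firewall, and the --test pass makes a syntax error fail before the old rules are replaced.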