Enabling the Linux firewall for RTM Services
To use RTM with a Linux firewall, you must open several ports, depending on your configuration. Improvements to the Linux firewall over the last several years make firewall changes quite simple.
Those ports include:
- HTTP Port (80) – Required to redirect traffic to HTTPS.
- HTTPS Port (443) – Required for secure communications.
- MySQL/MariaDB Port (3306) – Required for Remote Data Collectors only.
- Advocate Port (8089) – Required for privileged LSF transactions requiring approval.
- Various License Vendor Daemon Ports (several) – Required for License Services to be able to respond to the client. There can be several ports to open depending on the license vendor.
- Enable the firewall. Run the following commands:
systemctl enable firewalld
systemctl start firewalld
- At this point, the web server and all remote data collection will likely stop. So, after you do this, you need to enable services for http, https, and mysql using the following commands:
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-service=mysql
- By default, the Advocate service uses port 8089, but this port can change. You can see the Advocate port in use by going to and look for the Port. To enable access to the Advocate Port, use the following command:
firewall-cmd --zone=public --permanent --add-port=8089/tcp
- For several License Services, especially FLEXlm Services, you have to allow the Vendor Daemon
ports to perform inbound communications. For each service, review the License Service documentation
as to which port to allow inbound on your firewall. Then run the following command, replacing
<port> with the inbound port:
firewall-cmd --zone=public --permanent --add-port=<port>/tcp
- Reload the configuration to enable your changes using the following command:
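The steps above collected into one reviewable plan, as an added example that is not part of the original documentation or IBM's code. The function names, the `REMOTE_COLLECTORS` switch and the sample ports 27000 and 27001 are assumptions made for illustration; `firewall-cmd --reload` and `--list-all` are standard firewalld options for loading the permanent rules and listing what is open in the zone.

```shell
#!/bin/sh
# Added example, not IBM's code. Prints the firewall-cmd plan for the steps
# above; nothing is changed until the output is piped to a root shell.
ZONE="${ZONE:-public}"                    # zone used on this page
ADVOCATE_PORT="${ADVOCATE_PORT:-8089}"    # page default; confirm in RTM
REMOTE_COLLECTORS="${REMOTE_COLLECTORS:-yes}"  # "no" keeps 3306 closed

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rtm_firewall_plan [VENDOR_DAEMON_PORT...]: one command per line.
# Every port is validated before anything is printed, so a typo cannot
# leave a half-applied rule set.
rtm_firewall_plan() {
    for p in "$ADVOCATE_PORT" "$@"; do
        if ! valid_port "$p"; then
            echo "invalid port: $p" >&2
            return 1
        fi
    done
    services="http https"
    # MySQL/MariaDB is required for Remote Data Collectors only.
    [ "$REMOTE_COLLECTORS" = "no" ] || services="$services mysql"
    for s in $services; do
        echo "firewall-cmd --zone=$ZONE --permanent --add-service=$s"
    done
    for p in "$ADVOCATE_PORT" "$@"; do
        echo "firewall-cmd --zone=$ZONE --permanent --add-port=$p/tcp"
    done
    echo "firewall-cmd --reload"                 # load permanent rules
    echo "firewall-cmd --zone=$ZONE --list-all"  # review what is open
}

# Constructed sample ports; take real ones from the license vendor docs.
#   rtm_firewall_plan 27000 27001            # review the plan
#   rtm_firewall_plan 27000 27001 | sh -e    # apply as root
```

Compare the final `--list-all` output against the port list at the top of this page; anything open beyond those entries is not needed by RTM.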