Linux Firewalld Setup - firewall-cmd --list-all

Good to know that. Good job! Thanks @juliettet!

1 Like

Hi @Chance,

Thanks for asking!!

1 Like

@juliettet
Can you please tell me where I went wrong?

I followed the steps outlined in your reply

Hi @SZI,

It is difficult for me to tell where exactly you may have gone wrong without getting some more details with regards to the steps that you have taken, but from the image/screenshot, it looks to me like you failed to implement step 2:

Allow incoming connections from LB host only on Apache port and block for all others.

Try adding a rich rule that forwards traffic from LB to Apache.

Hope this helps:-)

@juliettet,
I followed the below steps referring to your earlier post.

# Check the status of nginx and httpd
systemctl status nginx && systemctl status httpd

# Check which ports nginx and httpd listen on
grep -i Listen /etc/httpd/conf/ht* /etc/nginx/nginx.conf

# Install firewalld, start it, enable it at boot and check its status
yum install firewalld -y
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld

# Find the nginx port (8096 here) from the listening sockets
yum install net-tools
netstat -tulpn | grep LISTEN
systemctl restart dbus

systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld

# Add firewall rules: open the nginx port to everyone, allow only the LB host
# (172.16.238.14) on the Apache port 8087 via a rich rule (straight quotes,
# not the curly quotes the forum editor substitutes)
firewall-cmd --zone=public --add-port=8096/tcp --permanent
firewall-cmd --permanent --zone=public --add-service={http,https}
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.238.14" port protocol=tcp port=8087 accept'
firewall-cmd --permanent --zone=public --change-interface=wan

# Reload so the permanent rules take effect, then verify what is active
firewall-cmd --reload
firewall-cmd --get-active-zones
systemctl restart firewalld && systemctl status firewalld
firewall-cmd --zone=public --list-ports && firewall-cmd --zone=public --list-all && firewall-cmd --list-all

Also, modified the nginx config file

server {
    listen 8087;
    listen [::]:8087;
    server_name 172.16.238.10;
    root /usr/share/nginx/html;
}

proxy_pass http://172.16.238.10:8087/;

1 Like
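The steps above end with `firewall-cmd --list-all`, but the thread never shows how to read that output against the task's intent ("LB host only on the Apache port, blocked for everyone else"). The script below is an added example, not code from the thread or from KodeKloud: it builds the rich rule with straight quotes and checks a `--list-all` dump for the three things that matter, that the nginx port is open to all, that the Apache port is *not* in the generic `ports:` line (a common mistake that opens it to everyone), and that a rich rule accepting the LB address on the Apache port exists. The addresses and ports are the ones used in the thread; the two dumps embedded in the script are constructed for this example, and the checker assumes firewalld's normalized, quoted rich-rule output format.

```shell
#!/bin/sh
# Added example, not code from the thread: build the "LB host only on the
# Apache port" rich rule and verify a `firewall-cmd --list-all` dump against
# the task's intent. Addresses and ports are the ones used in the thread;
# the two list-all dumps below are constructed for this example and assume
# firewalld's normalized (quoted) rich-rule output format.

LB_IP=172.16.238.14   # load balancer host, the only client allowed on Apache
NGINX_PORT=8096       # nginx reverse-proxy port, open to everyone
APACHE_PORT=8087      # Apache port, reachable from the LB only

# Emit the rich rule with straight ASCII quotes. Curly quotes pasted from a
# forum editor make firewall-cmd reject the rule.
build_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept\n' "$1" "$2"
}

# Read a `firewall-cmd --list-all` dump on stdin and check that:
#   1. the nginx port is in the generic "ports:" line (open to all),
#   2. the Apache port is NOT in that line (otherwise it is open to everyone
#      and the rich rule restricts nothing),
#   3. a rich rule accepting the LB address on the Apache port exists.
# Returns 0 when all three hold, 1 otherwise, printing what is wrong.
check_list_all() {
    dump=$(cat)
    ports_line=$(printf '%s\n' "$dump" | sed -n 's/^ *ports: *//p')
    rules=$(printf '%s\n' "$dump" | sed -n '/^ *rich rules:/,$p')
    status=0
    case " $ports_line " in
        *" $NGINX_PORT/tcp "*) ;;
        *) echo "nginx port $NGINX_PORT/tcp is not open"; status=1 ;;
    esac
    case " $ports_line " in
        *" $APACHE_PORT/tcp "*) echo "apache port $APACHE_PORT/tcp is open to everyone"; status=1 ;;
    esac
    printf '%s\n' "$rules" | grep -qF -- "$(build_rich_rule "$LB_IP" "$APACHE_PORT")" \
        || { echo "no rich rule allowing $LB_IP on $APACHE_PORT/tcp"; status=1; }
    return $status
}

# Constructed dump of a correctly configured host (not real output).
GOOD_DUMP='public (active)
  target: default
  interfaces: eth0
  services: http https ssh
  ports: 8096/tcp
  rich rules: 
        rule family="ipv4" source address="172.16.238.14" port port="8087" protocol="tcp" accept'

# Constructed dump of the common mistake: the Apache port was added with
# --add-port (open to all) and no rich rule exists, so step 2 is not met.
BAD_DUMP='public (active)
  target: default
  interfaces: eth0
  services: http https ssh
  ports: 8096/tcp 8087/tcp
  rich rules: '

# Demo: print the rule to add, then run the checker over both dumps.
build_rich_rule "$LB_IP" "$APACHE_PORT"
printf '%s\n' "$GOOD_DUMP" | check_list_all && echo "good dump: OK"
printf '%s\n' "$BAD_DUMP" | check_list_all || echo "bad dump: rejected as expected"
```

On the real host, source the script and pipe the live output into the checker (`firewall-cmd --zone=public --list-all | check_list_all`), making sure the zone you check is the one `firewall-cmd --get-active-zones` reports for the interface that actually faces the LB; a rule in a zone that no interface belongs to does nothing.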

Hi @SZI,

Take a look at what you have in your server block:

server {
    listen 8087;
    listen [::]:8087;
    server_name 172.16.238.10;
    root /usr/share/nginx/html;
}

The server block should be listening on the nginx port 8096, not on the apache port 8087. Leave proxy_pass http://172.16.238.10:8087/; as it is because Nginx is running as a reverse proxy server for Apache (as stated in the instructions).

I hope this helps:-)

…and make sure to restart nginx & apache after you’ve made your changes:

systemctl restart nginx
systemctl status httpd

BTW, I assume that you are running these command as the root user because there is no sudo prepended to your commands…

3 Likes

Hi @juliettet, thank you for pointing that out. I recognized my silly mistake while doing this task. But the task is marked as failed and has not let me retry since yesterday. Any thoughts on how to bring it back to review mode so I can give it a try?

1 Like

Hi @SZI,

You should have an option (in your dashboard, on the right side of the task that was marked as failed) to mark for review. Click on that & when someone responds with the correct answer/response, click on the check mark to mark the response as correct. After that, you should see an option to retry the task back in your main dashboard.

@juliettet, I checked that, see the image. Today a new task has come in.

But there is no option to retry; I think it will be re-assigned in future, hopefully. Thanks for your support and your responses to my queries.

You’re welcome @SZI. Hmmmm…maybe try contacting a KodeKloud admin to see why you’re not getting an option to retry.

Good luck!

1 Like

@juliettet
So the task never became pending, and yesterday evening it came in as a new task. I attempted it twice (some issue with the environment) and completed it successfully.

So thanks for your inputs. Happy learning!

1 Like

Happy Learning to you too @SZI!!

Thanks for your help with the review Syed! I was able to complete the task!

2 Likes

@jtapia05 Happy Learning!!!

2 Likes