Monday, December 07, 2020

Firewall-cmd to open ports

My notes on opening the internal firewall on a newly built server.

 

On a newly built Redhat/Oracle Linux server, all the ports are blocked by default.

I installed Oracle and the listener is running on port 1521, but I was not able to access the port from other servers or from the network. The fix is to open the internal firewall; this can be done using the GUI or the command line.


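Important

Always run "firewall-cmd --reload" after adding or removing a port/service with --permanent. A --permanent change is written to the saved configuration only and does not reach the running firewall until the reload.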


Verify opened ports

$ firewall-cmd --list-ports


Add Ports - TCP/UDP

$ firewall-cmd --permanent --add-port=1521/tcp

$ firewall-cmd --permanent --add-port=7001-7099/tcp 

$ firewall-cmd  --list-ports

(blank: the running firewall does not pick up the --permanent changes until the reload)

$ firewall-cmd  --reload

$ firewall-cmd  --list-ports

1521/tcp 7001-7099/tcp 


Add Service - instead of a TCP/UDP port number, you can also add a service by name

$ firewall-cmd --permanent --add-service=ssh

$ firewall-cmd --permanent --add-service=http

Remove Port

$ firewall-cmd --permanent --remove-port=444/udp

$ firewall-cmd --permanent --remove-port=1521/tcp

$ firewall-cmd --permanent --remove-port=7001-7099/tcp 


$ firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: eth0

  sources:

  services: dhcpv6-client postgresql ssh

  ports: 1521/tcp 1522/tcp 22/tcp

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:
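
To confirm that only the intended ports and services are open after these changes, the --list-all output can be checked against an allowlist. The script below is an added example, not part of the original notes; the allowlist values and function names are assumptions, and the sample input is abridged from the output shown above.

```sh
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output against an allowlist.
# ALLOWED_* values are assumptions; set them to what the host should expose.
ALLOWED_PORTS="1521/tcp 22/tcp"
ALLOWED_SERVICES="dhcpv6-client ssh"

# Sample input, abridged from the --list-all output in these notes.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client postgresql ssh
  ports: 1521/tcp 1522/tcp 22/tcp
  forward-ports:
  source-ports:
  rich rules:'

# field_values KEY: print the values on the "KEY:" line of stdin, one per line.
# Exact match on the first field, so "ports:" never matches "forward-ports:".
field_values() {
    awk -v key="$1:" '$1 == key { for (i = 2; i <= NF; i++) print $i }'
}

# unexpected KEY ALLOWLIST: print values of KEY that are not in ALLOWLIST.
unexpected() {
    out=""
    for v in $(field_values "$1"); do
        case " $2 " in
            *" $v "*) ;;                  # on the allowlist
            *) out="${out:+$out }$v" ;;   # open but not expected
        esac
    done
    printf '%s\n' "$out"
}

# audit: read --list-all text on stdin; exit status 0 only if nothing is unexpected.
audit() {
    text=$(cat)
    bad_ports=$(printf '%s\n' "$text" | unexpected ports "$ALLOWED_PORTS")
    bad_svcs=$(printf '%s\n' "$text" | unexpected services "$ALLOWED_SERVICES")
    [ -z "$bad_ports" ] || echo "unexpected ports: $bad_ports"
    [ -z "$bad_svcs" ] || echo "unexpected services: $bad_svcs"
    [ -z "$bad_ports$bad_svcs" ]
}

# On a real host: firewall-cmd --list-all | audit
printf '%s\n' "$SAMPLE_LIST_ALL" | audit || true
```

Allowlist entries are compared as literal strings, so a range such as 7001-7099/tcp must be listed exactly as firewall-cmd prints it.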


Ref:

https://www.liquidweb.com/kb/an-introduction-to-firewalld/

https://landoflinux.com/linux_firewall_config_tool.html

https://www.tecmint.com/open-port-for-specific-ip-address-in-firewalld/

https://firewalld.org/documentation/howto/open-a-port-or-service.html

https://firewalld.org/documentation/howto/add-a-service.html





EFS filesystem inode64 libjvm.so

On an Amazon EFS filesystem, I am trying to stage the Oracle EBS 12.2 software.


I received the following error when staging the software using buildStage.sh:

 

Error: no `server' JVM at `/software/EbsStage/startCD/Disk1/rapidwiz/jre/Linux_x64/1.6.0/lib/i386/server/libjvm.so'.

Press Enter to continue ...


Reason

The EFS filesystem uses inode64, but the software is looking for an inode32 filesystem.

The same issue can also occur on an XFS filesystem larger than 1 TB. In that case you can use "inode64" in /etc/fstab and remount the filesystem. But for mounting an NFS filesystem there is no inode64 option.


Fix:

$ echo "options nfs enable_ino64=0"  > /etc/modprobe.d/nfs.conf

Reboot the server or remount the filesystem to resolve the above issue.


Ref: 

https://access.redhat.com/solutions/22256

https://www.mjr19.org.uk/sw/inodes64.html




Extend XFS root Filesystem

My notes on extending the existing XFS root filesystem

O/S: Redhat 7 

1) Create new Disk

$ fdisk /dev/sda
-- create new partition

2) Recognize the new disk
$ partprobe
-- Error "The backup GPT table is not at the end of the disk"

$ parted -l
Error: The backup GPT table is not at the end of the disk, as it should be.
This might mean that another operating system believes the disk is smaller.
Fix, by moving the backup to the end (and removing the old backup)?
Fix/Ignore/Cancel? Fix 

3) Verify the new disk added 
$ lsblk


4) Create Physical Volume
$ pvcreate /dev/sda5

5) Extend the existing root volume group
$ vgextend rhel /dev/sda5

6) Extend the Logical Volume
$ lvextend -l +100%FREE /dev/rhel/root

7) Verify if the new disk is added 
$ df -h
-- My filesystem still has the old size

8) Extend the root filesystem 
$ xfs_growfs -d /

9) Verify if the new disk is added 
$ df -h

Good Luck!