SimplerCloud Pte Ltd


My application is not running on port X, any firewall services in place?


Yes. On certain servelets, host-based firewall rules (such as iptables on CentOS) are in place and enabled by default. You can modify the firewall rules to open the port required by your application, or engage our managed host-based firewall service so that we manage the firewall rules for you. Alternatively, you can disable the host-based firewall service, although this is not recommended.

To open a port in iptables, follow the instructions and example below.

For example, suppose you would like to open port 9000 for your application to listen on. The default iptables rules on our CentOS 6.5 template are as follows:

===
[root@CentOS65-64bit ~]# iptables --line-numbers -L
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
===

What you can do is insert an ACCEPT rule in the INPUT chain before the REJECT line (line 5 above) to open port 9000 on your servelet.

iptables -I INPUT 5 -p tcp --dport 9000 -j ACCEPT

This adds the rule to open port 9000 on your servelet, just before the REJECT line. Sample iptables -L output after the change:

===
[root@CentOS65-64bit ~]# iptables --line-numbers -L
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere
3 ACCEPT all -- anywhere anywhere
4 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
5 ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener
6 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
===

Note that "cslistener" is the service name associated with port 9000 as per /etc/services.

To save the iptables rules so that the change persists across server reboots:

service iptables save
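
The same steps as a script, added here as an example and not SimplerCloud's own code: it reads the numeric listing to find where the REJECT rule sits instead of hard-coding position 5, and skips the insert when the port is already accepted ahead of it. The function names and the sample listing are constructed for illustration, and it goes slightly beyond the article by also treating a DROP rule as the boundary.

```shell
#!/bin/sh
# Added example (not SimplerCloud's code). Function names are hypothetical.

# Constructed sample of `iptables -n --line-numbers -L INPUT` output, used for
# offline testing; it mirrors the default CentOS 6.5 rules shown above.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0
3    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
5    REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited'

# Print the line number of the first REJECT or DROP rule in a listing read
# from stdin; exit non-zero if the chain has none.
first_reject_line() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") { print $1; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Succeed if the listing on stdin has a tcp ACCEPT rule for port $1 that is
# evaluated before the first REJECT/DROP rule (a later one would never match).
has_accept_for_port() {
    awk -v want="dpt:$1" '
        $2 == "REJECT" || $2 == "DROP" { exit }
        $2 == "ACCEPT" && $3 == "tcp" { for (i = 4; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# Insert an ACCEPT for tcp port $1 just before the first REJECT/DROP rule,
# then save the rules. Must be run as root on the server itself.
open_port() {
    listing=$(iptables -n --line-numbers -L INPUT) || return 1
    if printf '%s\n' "$listing" | has_accept_for_port "$1"; then
        echo "tcp port $1 is already accepted; nothing to do"
        return 0
    fi
    pos=$(printf '%s\n' "$listing" | first_reject_line) || {
        echo "no REJECT/DROP rule in INPUT; not inserting" >&2
        return 1
    }
    iptables -I INPUT "$pos" -p tcp --dport "$1" -j ACCEPT && service iptables save
}
```

Source the file and call open_port 9000 as root. The inserted rule accepts connections from any source address, so add -s with a source address or network to the iptables -I line if only specific clients need the port.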
