Monday, April 30, 2012

Security On Top Of Security

Regretfully, we have to put up with security invading our life maybe more than any danger that might occur. This is true in our personal as well as public life. Recently I spent the day pulling my hair out because I couldn't achieve a very novice accomplishment like turning Apache on and accessing a web page. More specifically, port 80 was not accessible while ping and ssh worked... well of course, they are on different ports.

In AWS EC2 parlance the Security Group must allow port 80 to be open.... and it was. I looked at it 10 times over 12 hours, double-checking again and again. It wasn't a mistake at the Apache level, EC2 configuration, SELinux, iptables conflicts, host files, OS file or group permissions, file ownership, httpd.conf file, unavailable ports, the setroubleshoot service, or anything I could find on the EC2 forum.

It was just a firewall, a second frigging firewall... can you believe it. The Red Hat firewall is set up for you by default. My focus was on the EC2 firewall not knowing that RH already has one running by default. In my case I was using Oracle's Linux, but you always have to remember that it is a RH derivative.

What's my excuse for not knowing this?.... In the parlance of Dr. McCoy... "Damn it Jim, I'm a DBA not a RH nerd."

And I'll be damned if I'm going to make changes to the iptables... port by port, even when I did see a web comment or two in that direction. The syntax is totally Greek even for a geek!

Actually, it is quite easy to turn off the RH firewall without making changes to the iptables. The last command supposedly does a permanent disable.

# service iptables save
# service iptables stop
# chkconfig iptables off


But that's not all... oh no, it isn't that simple. After another hour of frustration I needed a dope slap and good. Not because I'm a dope, but because I needed to wake up from 10 hours of security hell frying my brain. The final solution was to turn off IPv4 and IPv6.

# service ip6tables save
# service ip6tables stop
# chkconfig ip6tables off


Am I going to turn the RH firewall back on? What do you think.
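
Added example, not from the original post: the symptom described above (ping and ssh answer, port 80 does not) follows from first-match rule ordering, and the port-by-port alternative to disabling the firewall is one rule placed ahead of the catch-all REJECT. The ruleset is a constructed sample modeled on a stock Red Hat 6-style configuration (an assumption, since the post does not show its rules), and `input_verdict` and `allow_port` are hypothetical helpers that understand only `-p`, `-i`, `--state` and `--dport`.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES is constructed, in iptables-save format, modeled
# on a stock Red Hat 6-style ruleset (assumption: the post never shows its rules).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# input_verdict PORT (hypothetical helper): read iptables-save text on stdin and
# print the target of the first INPUT rule that a NEW inbound TCP connection to
# PORT on a non-loopback interface would hit. Simplified matcher: a single-port
# --dport only, no ranges, no user-defined chains.
input_verdict() {
  awk -v port="$1" '
    /^:INPUT / { policy = $2 }              # chain default if nothing matches
    /^-A INPUT / {
      proto = iface = state = dport = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "-i") iface = $(i + 1)
        else if ($i == "--state") state = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (proto != "" && proto != "tcp") next          # e.g. the icmp rule
      if (iface == "lo") next                          # loopback only
      if (state != "" && state !~ /(^|,)NEW(,|$)/) next
      if (dport != "" && dport != port) next
      print target; found = 1; exit                    # first match wins
    }
    END { if (!found) print policy }'
}

# allow_port PORT (hypothetical helper): emit the ruleset with an ACCEPT for PORT
# inserted ahead of the first unconditional INPUT REJECT/DROP.
allow_port() {
  awk -v port="$1" '
    !done && /^-A INPUT -j (REJECT|DROP)/ {
      print "-A INPUT -p tcp -m state --state NEW -m tcp --dport " port " -j ACCEPT"
      done = 1
    }
    { print }'
}

for p in 22 80; do
  echo "stock: tcp/$p -> $(printf '%s\n' "$SAMPLE_RULES" | input_verdict "$p")"
done
echo "with rule: tcp/80 -> $(printf '%s\n' "$SAMPLE_RULES" | allow_port 80 | input_verdict 80)"
```

On a live host the input would come from `iptables-save`, and the text produced by `allow_port` is in the format `iptables-restore` reads.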


