How to allow ERA to be ping-able with IP

[Zdenko Rendic 0]

I dont like to have VM's in a customer ESX Infrastructure, that can not be Pinged with they IP adress.

What is the easyest way to get an Ping response from a ERA 6.x  ( right now I use ERA V6.5)?

Best Regards
Zdenko

[Marcos 4,931]

Appliance uses iptables firewall and its configuration is loaded from file /root/firewall.sh. Use text editor from root console to edit this file, i.e.:

nano /root/firewall.sh

and add this line:

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

just before firewall-port.sh is called. After changes are saved, either run script /root/firewall.sh or restart whole system.

[encom 0]

THX

How allow to ping DNS name era server? Server is join to Windows Server domain.

Edited March 31, 2017 by encom

[alexroz 2]

On 3/30/2017 at 5:49 PM, Marcos said:

/root/firewall.sh

There is no such file at my ERA 6.5.31.0 VA

[root@ERA ~]# ls -al /root/
total 1344
dr-xr-x---. 10 root root    4096 Apr  6 14:39 .
dr-xr-xr-x. 17 root root    4096 Mar 30 17:04 ..
-rwxr-xr-x.  1 root root    1188 Apr 26  2016 appliance-boot.sh
lrwxrwxrwx.  1 root root      36 Apr 25  2016 appliance-configuration-log.txt -> /tmp/appliance-configuration-log.txt
-rw-r--r--.  1 root root       0 Mar 30 16:37 appliance-configured-manually
-rw-r--r--.  1 root root       0 Mar 30 16:37 appliance-configured-successfully
-rwxr-xr-x.  1 root root 1218496 Feb 15  2016 appliance-gui
-rw-r--r--.  1 root root    1640 May  5  2016 appliance-gui-menu-configured-server.txt
-rw-r--r--.  1 root root     470 Feb 17  2016 appliance-gui-menu-configured.txt
-rw-r--r--.  1 root root     551 Oct 14 07:14 appliance-gui-menu-configured-vagenthost.txt
-rw-r--r--.  1 root root    1640 Mar 30 16:37 appliance-gui-menu.txt
-rw-r--r--.  1 root root     638 Mar  1  2016 appliance-gui-menu-unconfigured.txt
drwxr-xr-x.  3 root root    4096 Mar 30 16:31 appliance-web-conf
-rw-------.  1 root root    1670 Apr  6 17:23 .bash_history
-rw-r--r--.  1 root root      18 Dec 29  2013 .bash_logout
-rw-r--r--.  1 root root   10010 Aug 22  2016 .bash_profile
-rw-r--r--.  1 root root     176 Dec 29  2013 .bashrc
-rwxr-xr-x.  1 root root    7983 Jan 17 15:08 clear-previous-installation.sh
drwxr-xr-x.  3 root root    4096 Jun  8  2016 conf-backup
drwx------.  3 root root      17 Feb  4  2016 .config
-rwxr-xr-x.  1 root root    1437 Apr 26  2016 configure-domain.sh
-rw-r--r--.  1 root root     100 Dec 29  2013 .cshrc
-rw-r--r--.  1 root root   38881 Mar  9 20:40 era-appliance.pyc
drwxr-xr-x.  2 root root    4096 Mar  9 20:41 eset_installers
drwx------.  2 root root      94 Apr  9 09:21 .gnupg
-rw-r--r--.  1 root root    2655 May  5  2015 help-with-domain.txt
-rw-------.  1 root root     170 Feb 15  2016 .lesshst
drwx------.  2 root root      43 Apr  6 15:12 .links
-rw-------.  1 root root       0 Mar 30 16:30 .mysql_history
-rw-r--r--.  1 root root    1270 Mar 30 16:37 ovf.xml
drwxr-----.  3 root root      18 Feb  4  2016 .pki
-rwxr-xr-x.  1 root root     277 Feb 16  2016 rejoin-domain.sh
-rw-------.  1 root root    1024 Feb 11  2016 .rnd
drwxr-xr-x.  3 root root    4096 Feb 18  2016 system-backup
-rw-r--r--.  1 root root     129 Dec 29  2013 .tcshrc
-rw-r--r--.  1 root root       0 Mar 30 17:02 webmin-is-enabled

I have access to ERA true https and SSH. But can't ping it. I get "request timed out" when pinging to ERA with it's IP.

Edited April 9, 2017 by alexroz

[MartinK 376]

Firewall configuration in CentOS7 based appliances (since ERA 6.4) has been changed to "conform" standard behavior.

What you have to do is execute command:

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

which will enable ping from outside network. Please verify it, and if it will work as expected, execute command:

service iptables save

to persist firewall configuration changes. Otherwise changes will be lost after machine reboot.

[Zdenko Rendic 0]

Thanks MartinK, now it works!

 

I just connected with Putty to the ERA Ip and put these 2 Lines:

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

service iptables save

 

Best Regards

Zdenko