Zdenko Rendic 0 Posted March 30, 2017 Posted March 30, 2017 I dont like to have VM's in a customer ESX Infrastructure, that can not be Pinged with they IP adress. What is the easyest way to get an Ping response from a ERA 6.x ( right now I use ERA V6.5)? Best Regards Zdenko
Administrators Marcos 5,458 Posted March 30, 2017 Administrators Posted March 30, 2017 Appliance uses iptables firewall and its configuration is loaded from file /root/firewall.sh. Use text editor from root console to edit this file, i.e.: nano /root/firewall.sh and add this line: iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT just before firewall-port.sh is called. After changes are saved, either run script /root/firewall.sh or restart whole system.
encom 0 Posted March 31, 2017 Posted March 31, 2017 (edited) THX How allow to ping DNS name era server? Server is join to Windows Server domain. Edited March 31, 2017 by encom
alexroz 2 Posted April 9, 2017 Posted April 9, 2017 (edited) On 3/30/2017 at 5:49 PM, Marcos said: /root/firewall.sh There is no such file at my ERA 6.5.31.0 VA [root@ERA ~]# ls -al /root/ total 1344 dr-xr-x---. 10 root root 4096 Apr 6 14:39 . dr-xr-xr-x. 17 root root 4096 Mar 30 17:04 .. -rwxr-xr-x. 1 root root 1188 Apr 26 2016 appliance-boot.sh lrwxrwxrwx. 1 root root 36 Apr 25 2016 appliance-configuration-log.txt -> /tmp/appliance-configuration-log.txt -rw-r--r--. 1 root root 0 Mar 30 16:37 appliance-configured-manually -rw-r--r--. 1 root root 0 Mar 30 16:37 appliance-configured-successfully -rwxr-xr-x. 1 root root 1218496 Feb 15 2016 appliance-gui -rw-r--r--. 1 root root 1640 May 5 2016 appliance-gui-menu-configured-server.txt -rw-r--r--. 1 root root 470 Feb 17 2016 appliance-gui-menu-configured.txt -rw-r--r--. 1 root root 551 Oct 14 07:14 appliance-gui-menu-configured-vagenthost.txt -rw-r--r--. 1 root root 1640 Mar 30 16:37 appliance-gui-menu.txt -rw-r--r--. 1 root root 638 Mar 1 2016 appliance-gui-menu-unconfigured.txt drwxr-xr-x. 3 root root 4096 Mar 30 16:31 appliance-web-conf -rw-------. 1 root root 1670 Apr 6 17:23 .bash_history -rw-r--r--. 1 root root 18 Dec 29 2013 .bash_logout -rw-r--r--. 1 root root 10010 Aug 22 2016 .bash_profile -rw-r--r--. 1 root root 176 Dec 29 2013 .bashrc -rwxr-xr-x. 1 root root 7983 Jan 17 15:08 clear-previous-installation.sh drwxr-xr-x. 3 root root 4096 Jun 8 2016 conf-backup drwx------. 3 root root 17 Feb 4 2016 .config -rwxr-xr-x. 1 root root 1437 Apr 26 2016 configure-domain.sh -rw-r--r--. 1 root root 100 Dec 29 2013 .cshrc -rw-r--r--. 1 root root 38881 Mar 9 20:40 era-appliance.pyc drwxr-xr-x. 2 root root 4096 Mar 9 20:41 eset_installers drwx------. 2 root root 94 Apr 9 09:21 .gnupg -rw-r--r--. 1 root root 2655 May 5 2015 help-with-domain.txt -rw-------. 1 root root 170 Feb 15 2016 .lesshst drwx------. 2 root root 43 Apr 6 15:12 .links -rw-------. 1 root root 0 Mar 30 16:30 .mysql_history -rw-r--r--. 1 root root 1270 Mar 30 16:37 ovf.xml drwxr-----. 3 root root 18 Feb 4 2016 .pki -rwxr-xr-x. 1 root root 277 Feb 16 2016 rejoin-domain.sh -rw-------. 1 root root 1024 Feb 11 2016 .rnd drwxr-xr-x. 3 root root 4096 Feb 18 2016 system-backup -rw-r--r--. 1 root root 129 Dec 29 2013 .tcshrc -rw-r--r--. 1 root root 0 Mar 30 17:02 webmin-is-enabled I have access to ERA true https and SSH. But can't ping it. I get "request timed out" when pinging to ERA with it's IP. Edited April 9, 2017 by alexroz
ESET Staff MartinK 384 Posted April 9, 2017 ESET Staff Posted April 9, 2017 Firewall configuration in CentOS7 based appliances (since ERA 6.4) has been changed to "conform" standard behavior. What you have to do is execute command: iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT which will enable ping from outside network. Please verify it, and if it will work as expected, execute command: service iptables save to persist firewall configuration changes. Otherwise changes will be lost after machine reboot.
Zdenko Rendic 0 Posted April 24, 2017 Author Posted April 24, 2017 Thanks MartinK, now it works! I just connected with Putty to the ERA Ip and put these 2 Lines: iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT service iptables save Best Regards Zdenko
Recommended Posts