adding permitted ports thru firewall using bash/ksh only commands

I am setting up an Azure Suse v13 linux VM, and
by default the only port open is ssh (22)
I have root access. Please advise proper command/shell
to add the TCP ports I need open thru the firewall.
Note: I cannot run YaST because I do not have interactive access with desktop.
I have configured the Azure “endpoints”, but next need to open
the ports thru firewall.

Thanks!

You can use YaST in text mode as well, provided the necessary packages are installed of course.

I have configured the Azure “endpoints”, but next need to open
the ports thru firewall.

So how is the firewall set up in the first place?
If you are using the standard SuSEfirewall, have a look at /etc/sysconfig/SuSEfirewall2, in particular the variables "FW_SERVICES_EXT_TCP" and "FW_SERVICES_EXT_UDP" if you want to open it for the external zone. (or correspondingly "FW_SERVICES_DMZ_xxx" and "FW_SERVICES_INT_xxx" for the DMZ or internal zone)

You can of course use “iptables” directly as well (see any tutorial about that), but you would have to make that run on boot.
Preferably your rules should be integrated to the rules that are set up already anyway though. How you would do this depends on how the existing firewall is set up in the first place.


Thanks for the reply
In the services folder, I have these text files.
For example, the file sshd contains the following lines:
cloudvsvdev01->cat sshd
## Name: Secure Shell Server
## Description: Open ports for Secure Shell Server

# space separated list of allowed TCP ports
TCP="ssh"

So my question is what text file do I add to list the TCP ports you mentioned??

cloudvsvdev01->cd /etc/sysconfig/SuSEfirewall2.d/services
cloudvsvdev01->ls -la
total 32
drwxr-xr-x 2 root root 4096 Oct 13 20:05 .
drwxr-xr-x 3 root root 4096 Jun 11 07:24 ..
-rw-r--r-- 1 root root  426 Aug 11 15:42 netbios-server
-rw-r--r-- 1 root root  707 May  6 09:06 nfs-client
-rw-r--r-- 1 root root  126 Aug 11 15:42 samba-client
-rw-r--r-- 1 root root  373 Aug 11 15:42 samba-server
-rw-r--r-- 1 root root  164 Oct 13 20:05 sshd
-rw-r--r-- 1 root root  363 Sep 27  2013 telnet-server

I don’t quite understand what you mean.

In the configuration file variables I mentioned (in /etc/sysconfig/SuSEfirewall2) you can specify the ports directly (as numbers).

The service files you listed are there to be able to just select a service in YaST->Security and Users->Firewall from the dropdown list instead of having to specify the ports manually.
You could of course put a file in there for your own service then you’ll see it in YaST. But your original question was how to do it without YaST, no?

See here for more information about SuSEfirewall2 and how to configure it:
https://en.opensuse.org/SuSEfirewall2

Currently, the file
/etc/sysconfig/SuSEfirewall2
does not exist.
The directory
/etc/sysconfig/SuSEfirewall2.d exists and has those
text files in there.

Thus, should I simply copy the text file
/etc/sysconfig/SuSEfirewall2
from another system and enter the port values
you mentioned ?
Example for port 8080:

# Which TCP services on the firewall should be accessible from
# untrusted networks?
#
# Format: space separated list of ports, port ranges or well known
# service names (see /etc/services)
#
# Examples: "ssh", "123 514", "3200:3299", "ftp 22 telnet 512:514"
#
# Note: this setting has precedence over FW_SERVICES_ACCEPT_*
#
FW_SERVICES_EXT_TCP="8080"

It should.
If it doesn’t exist then probably SuSEfirewall is not used/installed at all.

You should be able to install it with YaST or zypper, that should also create that file.

But if it is not installed, are you sure that there’s even a firewall set up?

The directory
/etc/sysconfig/SuSEfirewall2.d exists and has those
text files in there.

Those are installed by other packages like apache2 or samba to make it easy to open the corresponding ports in YaST.

Thus, should I simply copy the text file
/etc/sysconfig/SuSEfirewall2
from another system and enter the port values
you mentioned ?

Probably, if you use SuSEfirewall2. But then you should have an empty template in /var/adm/fillup-templates/sysconfig.SuSEfirewall2, so just copy that over. Or use YaST to configure it as already mentioned.

If not, again, you have to set iptables rules yourself.
But as I said, if there’s another firewall set up already, it’s probably better the change its configuration than to setup some iptables rules yourself.

Could you maybe post a link to that Appliance you are using (I suppose you downloaded it from somewhere), so somebody can have a look?
I have no idea what packages are installed in an “Azure Suse v13 linux VM”.
Or do you mean you run a standard openSUSE 13.x as VM using Microsoft Azure?
Then SuSEfirewall2 should be installed/running by default.

Please post the output of “systemctl status SuSEfirewall2” to see whether SuSEfirewall2 is installed/running.

On 2014-10-14 19:16, qawtbh wrote:
>
> wolfi323;2669389 Wrote:

>> If you are using the standard SuSEfirewall, have a look at
>> /etc/sysconfig/SuSEfirewall2, in particular the variables
>> "FW_SERVICES_EXT_TCP" and "FW_SERVICES_EXT_UDP" if you want to open it
>> for the external zone. (or correspondingly "FW_SERVICES_DMZ_xxx" and
>> "FW_SERVICES_INT_xxx" for the DMZ or internal zone)

> So my question is what text file do I add to list the TCP ports you
> mentioned??

No.

YOU edit the file “/etc/sysconfig/SuSEfirewall2” and add there your
changes. Example:


FW_SERVICES_EXT_TCP="sip h323hostcall 30000:30010 4664"


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)
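The replies above (wolfi323's pointer to the FW_SERVICES_EXT_TCP variable and the fillup template, and Carlos's example value) describe one procedure: make sure /etc/sysconfig/SuSEfirewall2 exists, then put the ports into FW_SERVICES_EXT_TCP. The script below is an added example written for this thread, not code from the openSUSE project. It assumes the two paths named in the thread (the config file and /var/adm/fillup-templates/sysconfig.SuSEfirewall2) and the one-line FW_SERVICES_EXT_TCP="..." format shown in the quoted config. It adds ports without duplicating entries that are already there, refuses anything that is not a port, port range or service name, and never touches the real config unless you point FW_CONF at it; the demo at the bottom works on a constructed temporary file.

```shell
#!/bin/sh
# Added example for this thread (not openSUSE project code).
# Assumptions: sysconfig format with a single FW_SERVICES_EXT_TCP="..." line,
# and the paths mentioned in the thread. Override FW_CONF to target the real file.
FW_CONF="${FW_CONF:-/etc/sysconfig/SuSEfirewall2}"
FW_TEMPLATE="${FW_TEMPLATE:-/var/adm/fillup-templates/sysconfig.SuSEfirewall2}"

# ensure_conf: if the config file is missing, copy the fillup template over
# (as suggested in the thread). A missing template means the package itself
# is probably not installed, so do not invent a config in that case.
ensure_conf() {
    [ -e "$FW_CONF" ] && return 0
    [ -e "$FW_TEMPLATE" ] || { echo "no $FW_TEMPLATE: SuSEfirewall2 not installed?" >&2; return 1; }
    cp "$FW_TEMPLATE" "$FW_CONF"
}

# get_ext_tcp FILE: print the current FW_SERVICES_EXT_TCP value without quotes.
get_ext_tcp() {
    sed -n 's/^FW_SERVICES_EXT_TCP="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# list_has LIST ITEM: succeed if ITEM is already one of the words in LIST.
list_has() {
    list=$1; item=$2
    for w in $list; do
        [ "$w" = "$item" ] && return 0
    done
    return 1
}

# valid_port_spec SPEC: accept only a port number, a port range (a:b) or a
# service name from /etc/services; rejects shell metacharacters and quotes.
valid_port_spec() {
    case $1 in
        ''|*[!A-Za-z0-9:_-]*) return 1 ;;
    esac
    return 0
}

# add_ext_tcp FILE PORT...: append each PORT to FW_SERVICES_EXT_TCP in FILE,
# creating the assignment if it is absent and skipping duplicates.
add_ext_tcp() {
    file=$1; shift
    current=$(get_ext_tcp "$file")
    for p in "$@"; do
        valid_port_spec "$p" || { echo "invalid port spec: $p" >&2; return 1; }
        list_has "$current" "$p" || current="${current:+$current }$p"
    done
    if grep -q '^FW_SERVICES_EXT_TCP=' "$file"; then
        # replace the existing assignment in place (GNU sed -i)
        sed -i "s|^FW_SERVICES_EXT_TCP=.*|FW_SERVICES_EXT_TCP=\"$current\"|" "$file"
    else
        printf 'FW_SERVICES_EXT_TCP="%s"\n' "$current" >> "$file"
    fi
}

# demo: run the procedure against a constructed copy of the config so the
# script can be tried without root and without touching the live firewall.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '## Path: Network/Firewall/SuSEfirewall2' 'FW_SERVICES_EXT_TCP="ssh"' > "$tmp"
    add_ext_tcp "$tmp" 8080 8080 3200:3299
    get_ext_tcp "$tmp"
    rm -f "$tmp"
}

demo
```

On the real machine the sequence would be `ensure_conf`, then `add_ext_tcp "$FW_CONF" 8080`, then restarting the service (the unit the thread asks about, `systemctl restart SuSEfirewall2`) so the new rules are loaded; check the result with `systemctl status SuSEfirewall2` and `iptables -L -n`.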

On 2014-10-14 20:36, qawtbh wrote:

> Currently, the file
> /etc/sysconfig/SuSEfirewall2
> does not exist.

Then, ask the person that created that machine. This is not normal.

Adding the file, when more needed things are missing, is pointless.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)