Configuring firewall ports by using SSH

Instead of configuring the firewall ports by using the workload console operations, you can use a command line. You can disable firewall protection for specific ports, or disable the firewall itself by using SSH.

Before you begin

About this task

By default, the firewall and iptables rules are enabled on every virtual machine that is deployed in a pattern. Rules are enabled by default to support communication among the Rational® Integration Tester, Proxy, Test Control Panel, and Agents. Rules also exist to support the calculator sample that is included with the Rational Test Control Panel. However, new rules must be defined when you use the Proxy or Agents with specific applications. An alternative option is to disable the firewall entirely for the instance.

Determining the host names for virtual machines

Procedure

  1. Go to the Virtual System Instances page by clicking Patterns > Pattern Instances > Virtual System Instances.
  2. From the list of instances on the Virtual System Instances page, select the pattern that was deployed. The details of the deployed instance are displayed.
  3. Go to the Virtual machine perspective.
  4. Note the host name for the virtual system instance.

Opening firewall ports for Rational Test Control Panel

Procedure

  1. Connect to the virtual machine through SSH:
    ssh -i path_to_sshkey virtuser@hostname
  2. Open the input and output connections for the specific ports that the application under test uses:
    sudo /sbin/iptables -I OUTPUT -p tcp --dport port -m state --state NEW,ESTABLISHED -j ACCEPT
    sudo /sbin/iptables -I INPUT -p tcp --sport port -m state --state ESTABLISHED -j ACCEPT
    port
    The number of a port that is used by the application under test.

Opening firewall ports on the Rational Integration Tester Agent host

Procedure

  1. Connect to the virtual machine through SSH:
    ssh -i path_to_sshkey virtuser@hostname
  2. Open the ports to connect to the system under test and to accept requests:
    sudo /sbin/iptables -I OUTPUT -p tcp --dport port -m state --state NEW,ESTABLISHED -j ACCEPT
    sudo /sbin/iptables -I INPUT -p tcp --sport port -m state --state ESTABLISHED -j ACCEPT
    sudo /sbin/iptables -I INPUT -p tcp --dport port -m state --state NEW,ESTABLISHED -j ACCEPT
    sudo /sbin/iptables -I OUTPUT -p tcp --sport port -m state --state ESTABLISHED -j ACCEPT
    port
    The number of a port that is used by the application under test.

Disabling the firewall

About this task

Complete this task only under the following conditions:
  • Your corporate policy permits the disabling of firewalls.
  • You want all of the available ports to be open.

Procedure

Complete the following steps for each virtual machine in the instance:

  1. Connect to the virtual machine through SSH:
    ssh -i path_to_sshkey virtuser@hostname
  2. Disable the firewall:
    service iptables stop

Getting information about the iptables

Procedure

  1. To list current rules, enter the following command:
    sudo iptables -L
  2. To list the packets that the firewall dropped, enter the following command:
    sudo cat /var/log/messages | grep Dropped

    Use this command to determine the ports that must be opened on the proxy or agent hosts.
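
The following script is an added example, not part of the original procedure. It groups the dropped-packet lines from step 2 by chain, protocol, and destination port, so that rules can be added for the specific ports that are needed instead of disabling the firewall. It assumes the standard kernel LOG fields (IN=, OUT=, PROTO=, DPT=) and the "Dropped" prefix; the function name summarize_dropped and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: group dropped-packet log lines by chain, protocol and
# destination port. Assumes the kernel LOG fields IN=, OUT=, PROTO=, DPT=
# and the "Dropped" prefix that the grep in the procedure matches.

# Hypothetical helper: reads log lines on stdin and prints
# "count chain proto dport", most frequent first.
summarize_dropped() {
    awk '
    /Dropped/ {
        in_if = ""; out_if = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)         in_if  = substr($i, 4)
            else if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt    = substr($i, 5)
        }
        if (dpt == "") next   # no destination port (for example ICMP)
        # Only IN= set: packet arriving (INPUT). Only OUT= set: leaving (OUTPUT).
        if (in_if != "" && out_if != "") chain = "FORWARD"
        else if (in_if != "")            chain = "INPUT"
        else                             chain = "OUTPUT"
        count[chain " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (documentation addresses, made-up ports).
SAMPLE_LOG='Jan 10 12:00:01 vm1 kernel: Dropped IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=8080 SYN
Jan 10 12:00:02 vm1 kernel: Dropped IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=51001 DPT=8080 SYN
Jan 10 12:00:03 vm1 kernel: Dropped IN= OUT=eth0 SRC=192.0.2.20 DST=192.0.2.30 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=1414 SYN
Jan 10 12:00:04 vm1 kernel: Dropped IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
Jan 10 12:00:05 vm1 sshd[100]: Accepted publickey for virtuser from 192.0.2.10'

# On a virtual machine: sudo grep Dropped /var/log/messages | summarize_dropped
printf '%s\n' "$SAMPLE_LOG" | summarize_dropped
```

An INPUT row corresponds to the INPUT --dport rule in the agent procedure, and an OUTPUT row corresponds to the OUTPUT --dport rule. The chain is inferred from which interface field is set, so confirm it against the rules that sudo iptables -L lists.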

