HP 5991-5565 manual Appendix B Frequently Asked Questions, # /sbin/SuSEfirewall2 stop

Page 53

Appendix B: Frequently Asked Questions

Q: How do I disable firewall settings?

A: By default, SLES has a firewall enabled. This prevents external systems from accessing ports below 1024. Enter the following to disable the firewall:

#/sbin/SuSEfirewall2 stop

CAUTION: Disabling the firewall is not advisable. If any external applications need to communicate with the system, open only those specific ports for outside access rather than fully disabling the firewall.

Q: How do I open specific ports without disabling the firewall?

A: SLES by default prevents external systems from connecting to any of the reserved port numbers (0 to 1023). To open a specific port, use one of the following three methods:

Configure with YaST:

To open a specified port using the YaST GUI, perform the following steps:

1.From the YaST Control Center, access the YaST GUI.

2.Select Security and Users Firewall.

From the YaST GUI, you can perform some of the following tasks:

•Configure firewall boot scripts

•Stop the firewall, if it's running

•Save settings to the script /etc/sysconfig/SuSEfirewall2

•Start the firewall with new settings

Configure manually:

To manually open a specified port, perform the following steps:

1.Use the YaST module System Services (runlevel) to enable SuSEfirewall2 in your runlevel (the setting will most likely be 3 or 5). This sets the symlinks for the SuSEfirewall2_* scripts to the /etc/init.d/rc?.d/ directories.

2.Modify the /etc/sysconfig/SuSEfirewall2 file. A number of example scenarios can be found in /usr/share/doc/packages/SuSEfirewall2/EXAMPLES.

For the easiest configuration, you only need to add the TCP ports to FW_SERVICES_EXT_TCP.

For example, the following configuration enables HTTP, SSH and Tomcat services when the firewall is up:

FW_SERVICE_EXT_TCP="±80 443 22 8080 8443 8009"

3.Test and start the firewall using one of the following SuSEfirewall2_* scripts:

/sbin/SuSEfirewall2 test /sbin/SuSEfirewall2 start

Configure using the iptables command:

To open a specified port using the iptables command, enter the following::

#iptables -I INPUT -s 0/0 -d 0/0 -p tcp \ --dport <port number> --syn -j ACCEPT

#iptables -save /sbin/SuSEfirewall2 restart

For example:

#iptables -I INPUT -s 0/0 -d 0/0 \-p tcp --dport 80 --syn -j ACCEPT

#iptables-save /sbin/SuSEfirewall2 restart

Appendix B: Frequently Asked Questions 53

Image 53

Contents HP Open Source Middleware Stacks Blueprint Copyright 2007 Hewlett-Packard Development Company, L.P Table of Contents Monitor Tomcat with OpenView Tomcat SPI Oracle Database Test Webalizer Usage ReportPage List of Tables Page Introduction HP ServicesExecutive Summary Intended AudienceHP Encourages Your Comments Typographic ConventionsUserInput Feedback@fc.hp.comWeb Server Stack Architecture HP Open Source Web Server Middleware StackWeb Server Stack Architecture Required Packages and Installation Recommendations Installing and Verifying the Linux DistributionInstalling the Linux Distribution YaST Software Selection and System Tasks Verifying the Linux Distribution InstallationInstalling and Configuring Sun JDK on an HP Proliant System Configuring the Basic Apache Http ServerTomcat # /etc/init.d/apache2 startFor the alljava.csh file, add the following lines # ln -s /usr/java/jdk1.5.010 /usr/local/jdkFor the alljava.sh file, add the following lines # java -version Installing and Configuring TomcatFollowing messages appear # /usr/local/apache-tomcat/bin/startup.shUsing the Apache Http Server Benchmarking Tool Advanced Apache Http Server FeaturesIf necessary, stop Tomcat by entering the following command # /usr/local/apache-tomcat/bin/shutdown.shApache Http Server Status and Information You can correct the error by entering the followingApachemodules definition should now look like the following Restart the Apache Http Server for the changes take effectApache Server Information web page opens, as shown in Figure Apache Server Status web page opens, as shown in Figure# webalizer Apache Http Server Log# /etc/init.d/apache2 restart Create the following file Using Virtual Host SupportFor detailed information, see the Webalizer website at On the second server, create the following Html file Using Apache Http Server URL RedirectionConfigure virtual hosting by creating a file named Edit the following configuration file Using Apache Http Server Proxy FeaturesAdd the following line to the preceding file Add the following lines to the preceding fileCreate the following Html file Error Responses and RedirectsPopulate the preceding file with the following lines Using Per-User Web DirectoriesIntegrating the Web Server Stack Components Configuring the Apache and Tomcat ConnectorIf there are any errors, check the following log files Restart Apache by entering the following commandInsert the following line below the DocumentRoot line Http//YOURHOSTNAME/jsp-examplesIntegrating the Apache Web Server and Perl Integrating the Apache Web Server and PHP# rpm -q php5 apache2-modphp5 Create the following test fileWeb page displays the following text Connecting Tomcat to a DatabaseIntegrating the Apache Web Server and Python # tar zxf mysql-connector-java-version.tar.gz Connecting Tomcat and MySQL# $CATALINAHOME/bin/startup.sh # mysqladmin -u root -p create osmsdb# ps -efgrep mysqld # /etc/init.d/mysql startIf needed, start Tomcat by entering the following command Connecting Tomcat and OracleHttp//YOURHOSTNAME8080/mysqltest.jsp Test page opens as shown in FigureConfiguring the Oracle Server Obtaining and Installing the Oracle Jdbc DriverTesting the Oracle Database Connectivity Creating an Oracle Data SourceOracle Database Test Http//YOURHOSTNAME8080/oracleTest.jspInstalling Hibernate, Tomcat, and JDK Connecting Tomcat to MySQL or Oracle Using HibernateConfiguring a Database Driver in Tomcat # mysql -u root -p Password# sqlplus osmsusr/osmspass@osmsdbora Creating a Simple Application in TomcatFor a MySQL database server For an Oracle database serverAsm.jar asm-attrs.jar antlr-2.7.6rc1.jar File HibernateSessionFactory.class is generated This directory, create a Hibernate Pojo file named Preceding command creates a class file namedHttp//YOURHOSTNAME8080/SimpleDemo/hibernate.jsp Verifying the Simple Application OperationRestart Apache by entering the following Secure the Web Server StackEnabling Https Support in the Apache Http Server Apache default document root is Apache Http Server AuthorizationVerify that the certificate is displayed as in Figure Create the following test Html fileIf the login fails, the following message appears Protecting Apache Http Server Authorization with Symas CDSConfiguring Apache Http Server Services Html Head Protecting Tomcat Authorization with Symas CDSHtml Head # $CATALINA/bin/shutdown.sh # $CATALINA/bin/startup.sh Monitor Tomcat with OpenView Tomcat SPITomcat SPI Components Software Prerequisites and Reference GuidesPolicies ToolsComplete these steps Complete these steps # /sbin/SuSEfirewall2 stop Appendix B Frequently Asked QuestionsAppendix C Vendor Information Reference Appendix D Hibernate Test Application Source Code Following are the contents of the hibernate.jsp filePage Appendix D Hibernate Test Application Source Code