For the umpty-leventh time, I hit: -
when I attempt to access my Domino server's web administration interface: -
Domino is running on a Red Hat Enterprise Linux (RHEL) VM running on VMware Fusion 5.0.1 on my MacBook Pro, and I'm attempting to access it via my Mac's Firefox browser.
I proved that the problem was NOT with Domino, as I was able to access it locally ( using Firefox on the VM ): -
However, I wanted to use my host OS' browser for two reasons: -
(a) Firefox on the Mac has Java enabled, and the Domino WebAdmin tool uses a Java applet
(b) It's easier to take screenshots
The next acid test was to ensure that the networking between the host and guest OS was working: -
Therefore, I knew that the problem was on the Linux VM, so thought: -
(a) Security-Enhanced Linux ( selinux )
(b) Firewall ( iptables )
I checked selinux first of all: -
$ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
I then checked the firewall: -
$ chkconfig --list | grep iptables
Ah-ha, so that was the problem :-)
I stopped the firewall ( this is my own development VM so I do not need a firewall - YOUR mileage WILL vary ): -
$ service iptables stop
iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ]
iptables: Unloading modules: [ OK ]
and then validated that it was stopped: -
Finally, I then went ahead and disabled the firewall permanently, as the service iptables stop command will not survive a reboot: -
$ chkconfig iptables off
and validated that it's now disabled: -
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Job done.
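The two checks above can be scripted. The following is an added example, not code from the original post: it reads the boot-time SELinux setting and the runlevels in which iptables is enabled, using the same file and command output formats shown above. The sample inputs are constructed, including the "before" chkconfig lines, which the post does not show, and an ip6tables line that a plain grep for iptables would also match.

```shell
#!/bin/sh
# Constructed sample inputs in the formats shown in the post.
SAMPLE_CONFIG='# SELINUX= can take one of these three values:
SELINUX=disabled
SELINUXTYPE=targeted'
# "Before" lines are constructed; the post only shows the "after" line.
SAMPLE_BEFORE='ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off'
SAMPLE_AFTER='iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off'

# Print the SELINUX= value from a config file on stdin. Comment lines
# that mention "SELINUX=" and the SELINUXTYPE key must not match.
selinux_config_mode() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*SELINUX[ \t]*$/ { gsub(/[ \t]/, "", $2); mode = $2 }
        END { print (mode == "" ? "unset" : mode) }
    '
}

# Print the runlevels where service $1 is "on", from `chkconfig --list`
# output on stdin. Exact name match, so ip6tables is not counted as iptables.
service_on_runlevels() {
    awk -v svc="$1" '
        $1 == svc {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[2] == "on") out = out (out == "" ? "" : " ") kv[1]
            }
        }
        END { print (out == "" ? "none" : out) }
    '
}

echo "SELinux (boot config): $(printf '%s\n' "$SAMPLE_CONFIG" | selinux_config_mode)"
echo "iptables on before:    $(printf '%s\n' "$SAMPLE_BEFORE" | service_on_runlevels iptables)"
echo "iptables on after:     $(printf '%s\n' "$SAMPLE_AFTER" | service_on_runlevels iptables)"
```

On a live system, feed the functions /etc/selinux/config and the output of chkconfig --list instead of the samples; getenforce reports the running SELinux mode, which can differ from the config file until the next reboot.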
2 comments:
Hey Dave
Enjoy gleaning stuff off of your blog. Thanks.
Do you generally install a desktop environment on a server? What are your thoughts around this?
Also - you could accomplish a "local" connection by tunneling through an ssh connection. I generally do this; I have ssh access more readily available than access to the KVM (physical or virtual).
Thanks
Sam
Hi Sam
Typically I install the stock OS build, which includes the desktop elements ( X11, Gnome, KDE etc. ).
However, this reflects the fact that, in the main, my installations are for my own personal use, rather than for production-grade servers.
I do take advantage of X11 tunneling via SSH, especially as my host OS ( Mac OS X ) supports SSH and X11 out-of-the-box.
As you say, this also makes "desktop switching" much more simple.
Thanks for the feedback.
Dave