
This question has a lot to do with CentOS defaults and CentOS administration rather than with the cloud itself.

By default, CentOS has its own firewall (its own iptables configurations) which is more restrictive than the values you set in the security rules configurations. This means that CentOS will reject access to port 5050 even though you activate it in the rules of your security groups.

This is so because it is CentOS philosophy and it is respected in Fiware's Cloud.

What to do? One of these things:

a) You could disable your CentOS firewall and rely on your Security Groups' rules:

service iptables stop
chkconfig iptables off ### To keep configurations upon reboots.

b) You could enable the rule in your iptables. This is the way iptables is configured by default:

# iptables -S 
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 

These rules are processed sequentially, so you can't append a rule (iptables -A) because the rule will be appended and processed after the REJECT. The way is to insert the rule:

iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 5050 -j ACCEPT

This way, the rule will be inserted just before:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 

And the rule will be processed before any reject and the port will be accessible. However, we need to update the iptables rules to be persistent upon reboots:

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
iptables-save > /etc/sysconfig/iptables
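
Option (b) above, as an added example that is not part of the original answer: rather than hard-coding the insert position, this script reads `iptables -S INPUT`, locates the catch-all REJECT/DROP rule, and inserts the ACCEPT just before it, skipping the insert when a matching rule already exists. The function names are hypothetical, and the sample ruleset is the default listing shown in the answer.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original answer.

# Default INPUT rules as listed in the answer, embedded so the logic can be
# exercised without touching a live firewall.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Read `iptables -S INPUT` output on stdin and print the 1-based number of the
# first unconditional REJECT/DROP rule, or the append position if there is none.
catch_all_pos() {
    awk '$1 == "-A" {
             n++
             if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; found = 1; exit }
         }
         END { if (!found) print n + 1 }'
}

# Exit 0 if the ruleset on stdin already holds an ACCEPT rule for TCP port $1.
has_accept() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT"
}

# Insert the ACCEPT rule for TCP port $1 just before the catch-all rule.
# Needs root; a second run finds the rule and leaves the chain unchanged.
open_tcp_port() {
    rules=$(iptables -S INPUT) || return 1
    if printf '%s\n' "$rules" | has_accept "$1"; then
        return 0
    fi
    pos=$(printf '%s\n' "$rules" | catch_all_pos)
    iptables -I INPUT "$pos" -p tcp -m state --state NEW -m tcp --dport "$1" -j ACCEPT
}

# Usage on the instance (as root): open_tcp_port 5050
```

On the default ruleset this computes position 5, after the SSH rule, where the answer uses 4; both land before the REJECT. The `iptables-save` step above is still needed to keep the result across reboots.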