000028882 - KB-1213 How to allow HTTP access to ACM

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000028882
Applies To: Affected Versions: All Versions
Resolution: To allow HTTP access to ACM, follow these steps:
1. Log in to the ACM as the “root” user.
2. Open the file /etc/sysconfig/iptables.
3. Add the following lines in the same location as shown below:
-A PREROUTING -i bond0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8445
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8445 -j ACCEPT
A sample iptables file would look like the following. Add the above lines in the same positions as shown:

:PREROUTING ACCEPT [4:1504]
:POSTROUTING ACCEPT [7:514]
:OUTPUT ACCEPT [7:514]
-A PREROUTING -i bond0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -i bond0 -p tcp -m tcp --dport 444 -j REDIRECT --to-ports 8444
-A PREROUTING -i bond0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8445
COMMIT
# Completed on Fri Aug 25 13:37:25 2006
# Generated by iptables-save v1.2.11 on Fri Aug 25 13:37:25 2006
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [126:17631]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8444 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1555 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1158 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
4. Restart iptables as the “root” user by executing: service iptables restart
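
The placement requirement in step 3 matters because iptables evaluates rules in order: an ACCEPT for port 8445 appended after the final REJECT in RH-Firewall-1-INPUT never matches. The following shell check, run before step 4, is an added example and not part of the RSA article or any RSA tool; the function name check_acm_http_rules and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the two rules from step 3 are present and correctly
# ordered in an iptables-save style file. check_acm_http_rules is a
# hypothetical helper name. Returns 0 when the file passes, 1 on a rule
# problem, 2 when the file cannot be read.
check_acm_http_rules() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        # REDIRECT of inbound port 80 to 8445 in the PREROUTING chain
        /^-A PREROUTING / && /--dport 80 / && /-j REDIRECT/ &&
            /--to-ports 8445([^0-9]|$)/ { redirect = NR }
        # First ACCEPT for the redirected port in the filter chain
        /^-A RH-Firewall-1-INPUT / && /--dport 8445 / && /-j ACCEPT/ {
            if (!accept) accept = NR
        }
        # First catch-all REJECT in that chain; rules after it never match
        /^-A RH-Firewall-1-INPUT -j REJECT/ { if (!reject) reject = NR }
        END {
            rc = 0
            if (!redirect) { print "missing: PREROUTING redirect 80 -> 8445"; rc = 1 }
            if (!accept) { print "missing: ACCEPT for tcp/8445"; rc = 1 }
            else if (reject && accept > reject) {
                print "misplaced: ACCEPT for tcp/8445 (line " accept \
                      ") follows REJECT (line " reject ")"
                rc = 1
            }
            exit rc
        }
    ' "$file"
}

# Constructed sample: the ACCEPT was wrongly appended after the REJECT.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-A PREROUTING -i bond0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8445
COMMIT
*filter
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8444 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8445 -j ACCEPT
EOF
check_acm_http_rules "$sample" || echo "fix the file before restarting iptables"
rm -f "$sample"
```

On the appliance the function would be called as check_acm_http_rules /etc/sysconfig/iptables.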
