-
1. Re: OL7 - Unable to add firewall port 3389
Error: INVALID_ZONE ??? What zone did it report?
What is your output of the following:
firewall-cmd --info-zone=???
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
You can specify the zone, but the default should be public.
firewall-cmd --zone=public --permanent --add-port=3389/tcp
If you messed things up too much, you can restore the default firewall rules:
systemctl stop firewalld
rm -rf /etc/firewalld/zones/
systemctl start firewalld
Then try again:
firewall-cmd --permanent --add-port=3389/tcp
systemctl restart firewalld
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: ssh dhcpv6-client
ports: 3389/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
-
2. Re: OL7 - Unable to add firewall port 3389
Thanks for your quick reply.
Looks like I messed it up somewhere . but I followed what you suggested . still see the INVALID_ZONE error. Please see below .
# systemctl stop firewalld
# rm -rf /etc/firewalld/zones/
# systemctl start firewalld
# firewall-cmd --zone=public --permanent --add-port=3389/tcp
success
# systemctl restart firewalld
#
# firewall-cmd --list-all
Error: INVALID_ZONE
# cd /etc/firewalld/zones/
# ls
public.xml
#
# cat public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="3389"/>
</zone>
#
# firewall-cmd --info-zone
usage: see firewall-cmd man page
firewall-cmd: error: argument --info-zone: expected one argument
Thank You
Rakesh
-
3. Re: OL7 - Unable to add firewall port 3389
Thanks for your quick reply.
Looks like I messed it up somewhere . but I followed what you suggested . still see the INVALID_ZONE error. Please see below .
# systemctl stop firewalld
# rm -rf /etc/firewalld/zones/
# systemctl start firewalld
# firewall-cmd --zone=public --permanent --add-port=3389/tcp
success
# systemctl restart firewalld
#
# firewall-cmd --list-all
Error: INVALID_ZONE
# cd /etc/firewalld/zones/
# ls
public.xml
#
# cat public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<port protocol="tcp" port="3389"/>
</zone>
#
# firewall-cmd --info-zone
usage: see firewall-cmd man page
firewall-cmd: error: argument --info-zone: expected one argument
Thank You
Rakesh
-
4. Re: OL7 - Unable to add firewall port 3389
I'm just seeing this is an EC2 instance...
These type of systems are usually locked down in several ways. My suggestion: Don't bother with the Firewall any further. You cannot use Remote Desktop Sharing unless your remote system is already displaying a graphical login anyway. So opening the Remote Desktop port for inbound connection over the Internet is not going to help you. It's a bad idea since it uses no encryption and will probably also require port forwarding.
I suggest you use TigerVNC server instead and use SSH to create a tunnel for your VNC client. There's a video that was posted recently: Video: Install and Configure VNC Server on Oracle Linux 8
What are you actually trying to accomplish? What do you need a desktop for?
-
5. Re: OL7 - Unable to add firewall port 3389
Hi Dude
Thanks for responding again. Actually, what i am trying to do it to basically for my own home based research, installing OBIEE on OL7 hosted on AWS EC2 instance.
I am following this post - https://arthurdayton.com/2016/03/29/deploying-oracle-business-intelligence-12c-on-aws-ec2-instance/
About 30 min into this video, Arthur goes through the steps of opening the firewall port on the instance host. I was just trying to replicate the same when i ran into these Zone errors.
Basically, wanted to use a remote desktop for installing Oracle BI . This is for my own individual test/sandbox environment.
Not sure if you can, but if possible please check out this link and see if there is a better way to do the same. I will also look at your suggestion (TigerVNC) in the meantime.
Thank You
Rakesh
-
6. Re: OL7 - Unable to add firewall port 3389
If you are following someone's instructions you should ask the person who wrote the instructions. Sorry I'm not fancy spending the rest of the day verifying someone's instructions. Opening a port for Remote Desktop Sharing vi the public Internet just sounds plain wrong to me.
Again, you cannot use remote desktop sharing unless the remote system shows a desktop. The better alternative is either TigerVNC Server and creating a SSH tunnel, or use SSH with X11 forwarding. For the purpose of running a remote GUI app or installer, I would certainly not bother to install the Gnome Desktop on a remote Linux server system.
Can you create any user account on your EC2 instance and connect to it using SSH and typing a password?
Can you use "su - root" on your remote Linux user account?
-
7. Re: OL7 - Unable to add firewall port 3389
Yes, I am able create a new user on the EC2 instance and connect to it using SSH & password. I am able to su root as well.
Thank You.
-
8. Re: OL7 - Unable to add firewall port 3389
1 person found this helpfulThen you could also try VNCPilot.
That's what I do when I just need to run a GUI app on a remote Linux system.
Register and Participate in Oracle's online communities. Learn from thousand of experts, get answers to your questions and share knowledge with peers.