8 Replies Latest reply on Mar 24, 2020 2:53 PM by Dude!

    OL7 - Unable to add firewall port 3389

    3822729

      Dear Experts

      I am trying to install a GUI on Oracle Linux 7 on an EC2 instance and, in the process of getting a desktop open, I am trying to open port 3389 using the command below and getting an INVALID_ZONE error.

      I have to admit, I am a novice when it comes to OL and need some guidance to make any further progress. Any help is greatly appreciated.

      [root@ip-172-31-94-113 oracle]# sudo firewall-cmd --permanent --add-port=3389/tcp

      Error: INVALID_ZONE

      Thanks

      Rakesh

        • 1. Re: OL7 - Unable to add firewall port 3389
          Dude!

          Error: INVALID_ZONE ??? What zone did it report?

          What is the output of the following:

          firewall-cmd --info-zone=???
          firewall-cmd --get-default-zone
          firewall-cmd --get-active-zones

          You can specify the zone, but the default should be public.

          firewall-cmd --zone=public --permanent --add-port=3389/tcp

          If you messed things up too much, you can restore the default firewall rules:

          systemctl stop firewalld
          rm -rf /etc/firewalld/zones/
          systemctl start firewalld

          Then try again:

          firewall-cmd --permanent --add-port=3389/tcp
          systemctl restart firewalld
          firewall-cmd --list-all

          public (active)
            target: default
            icmp-block-inversion: no
            interfaces: enp0s3
            sources:
            services: ssh dhcpv6-client
            ports: 3389/tcp
            protocols:
            masquerade: no
            forward-ports:
            source-ports:
            icmp-blocks:
            rich rules:

          • 2. Re: OL7 - Unable to add firewall port 3389
            3822729

            Thanks for your quick reply.

            Looks like I messed it up somewhere, but I followed what you suggested and still see the INVALID_ZONE error. Please see below.

            # systemctl stop firewalld
            # rm -rf /etc/firewalld/zones/
            # systemctl start firewalld
            # firewall-cmd --zone=public --permanent --add-port=3389/tcp
            success

            # systemctl restart firewalld
            #
            # firewall-cmd --list-all
            Error: INVALID_ZONE

            # cd /etc/firewalld/zones/
            # ls
            public.xml
            #
            # cat public.xml

            <?xml version="1.0" encoding="utf-8"?>
            <zone>
              <short>Public</short>
              <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
              <service name="ssh"/>
              <service name="dhcpv6-client"/>
              <port protocol="tcp" port="3389"/>
            </zone>

            #
            # firewall-cmd --info-zone
            usage: see firewall-cmd man page
            firewall-cmd: error: argument --info-zone: expected one argument

            Thank You

            Rakesh
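An added example, not code from the thread: a small offline audit of a firewalld zone file like the public.xml posted above. It resolves the default zone from a constructed firewalld.conf (firewall-cmd --get-default-zone reports that file's DefaultZone= value), lists the services and ports the zone opens, and flags 3389/tcp as a port that should not be reachable from the Internet, which is the point Dude! makes later in the thread. Treating a default zone with no matching zone file as the cause of INVALID_ZONE is an assumption for the example; the thread does not confirm the root cause.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the public.xml from the thread, keyed by file name as it
# would appear under /etc/firewalld/zones/.
ZONE_FILES = {
    "public.xml": """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="3389"/>
</zone>""",
}

# Constructed sample of /etc/firewalld/firewalld.conf.
FIREWALLD_CONF = "# firewalld config file\nDefaultZone=public\nLockdown=no\n"

# Ports a defender does not want open to the Internet (assumption: only RDP here).
RISKY_PORTS = {("3389", "tcp"): "RDP exposed: no encryption, tunnel it over SSH instead"}

def default_zone(conf_text):
    """Return the DefaultZone= value from firewalld.conf, or None if unset."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("DefaultZone="):
            return line.split("=", 1)[1].strip()
    return None

def parse_zone(xml_text):
    """Return (services, ports) declared in a firewalld zone XML file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    services = [s.get("name") for s in root.findall("service")]
    ports = [(p.get("port"), p.get("protocol")) for p in root.findall("port")]
    return services, ports

def audit(conf_text, zone_files):
    """Resolve the default zone and report what it opens. A default zone with no
    zone file is reported as INVALID_ZONE (assumed cause, see lead-in)."""
    zone = default_zone(conf_text)
    if zone is None or f"{zone}.xml" not in zone_files:
        return {"error": "INVALID_ZONE", "zone": zone}
    services, ports = parse_zone(zone_files[f"{zone}.xml"])
    warnings = [RISKY_PORTS[p] for p in ports if p in RISKY_PORTS]
    return {"zone": zone, "services": services, "ports": ports, "warnings": warnings}

if __name__ == "__main__":
    print(audit(FIREWALLD_CONF, ZONE_FILES))      # public zone, warns about 3389/tcp
    print(audit("DefaultZone=dmz\n", ZONE_FILES))  # no dmz.xml -> INVALID_ZONE
```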


              • 4. Re: OL7 - Unable to add firewall port 3389
                Dude!

                I'm just seeing this is an EC2 instance...

                These types of systems are usually locked down in several ways. My suggestion: don't bother with the firewall any further. You cannot use Remote Desktop Sharing unless your remote system is already displaying a graphical login anyway. So opening the Remote Desktop port for inbound connections over the Internet is not going to help you. It's a bad idea since it uses no encryption and will probably also require port forwarding.

                I suggest you use TigerVNC server instead and use SSH to create a tunnel for your VNC client. There's a video that was posted recently: Video: Install and Configure VNC Server on Oracle Linux 8

                What are you actually trying to accomplish? What do you need a desktop for?

                • 5. Re: OL7 - Unable to add firewall port 3389
                  3822729

                  Hi Dude

                  Thanks for responding again. Actually, what I am trying to do is basically, for my own home-based research, installing OBIEE on OL7 hosted on an AWS EC2 instance.

                  I am following this post - https://arthurdayton.com/2016/03/29/deploying-oracle-business-intelligence-12c-on-aws-ec2-instance/

                  About 30 min into this video, Arthur goes through the steps of opening the firewall port on the instance host. I was just trying to replicate the same when I ran into these zone errors.

                  Basically, I wanted to use a remote desktop for installing Oracle BI. This is for my own individual test/sandbox environment.

                  Not sure if you can, but if possible please check out this link and see if there is a better way to do the same. I will also look at your suggestion (TigerVNC) in the meantime.

                  Thank You

                  Rakesh

                  • 6. Re: OL7 - Unable to add firewall port 3389
                    Dude!

                    If you are following someone's instructions you should ask the person who wrote the instructions. Sorry, I don't fancy spending the rest of the day verifying someone's instructions. Opening a port for Remote Desktop Sharing via the public Internet just sounds plain wrong to me.

                    Again, you cannot use remote desktop sharing unless the remote system shows a desktop. The better alternative is either TigerVNC Server and creating an SSH tunnel, or using SSH with X11 forwarding. For the purpose of running a remote GUI app or installer, I would certainly not bother to install the Gnome Desktop on a remote Linux server system.

                    Can you create any user account on your EC2 instance and connect to it using SSH and typing a password?

                    Can you use "su - root" on your remote Linux user account?

                    • 7. Re: OL7 - Unable to add firewall port 3389
                      3822729

                      Yes, I am able to create a new user on the EC2 instance and connect to it using SSH & password. I am able to su to root as well.

                      Thank You.

                      • 8. Re: OL7 - Unable to add firewall port 3389
                        Dude!

                        Then you could also try VNCPilot.

                        That's what I do when I just need to run a GUI app on a remote Linux system.