VMware Horizon Community
evil242
Enthusiast

RHWS7 firewalld vs iptables

I'm working with RHEL/RHWS7 and Horizon 7.1

The documentation says that Horizon agent will automagically configure iptables.  But RHEL7 comes with firewalld.  I've disabled firewalld and reverted to iptables.  But the agent install gives the error message:

"Unable to automatically configure filewall.

Please configure firewall for inbound connections on port 22443/tcp."

I'm guessing a programming error on the "filewall" vs. firewall.

But the question is, does the install agent prefer iptables or firewalld? 

Damion Terrell (He/Him)
Core IT Service Specialist
UNM – IT Platforms – VIS
“You learn the job of the person above you,
and you teach your job to the person below you.”
evil242
Enthusiast
Enthusiast

Well, deeper analysis is that it looks like it can handle both, but has issues if both are installed. It doesn't discern if one is disabled and the other is enabled.

I updated ${scriptdir}bin/commonlib.sh so that iptables comes first:

   #
   # Identify firewall
   #
   FIREWALL=
   FIREWALL_IPTABLES=IPTABLES
   FIREWALL_FIREWALLD=FIREWALLD
   [ -z "$FIREWALL" ] && \
      which iptables >/dev/null 2>&1 && FIREWALL=${FIREWALL_IPTABLES}
   [ -z "$FIREWALL" ] && \
      which firewall-cmd >/dev/null 2>&1 && FIREWALL=${FIREWALL_FIREWALLD}

Not the best of coding, but I didn't want to uninstall firewalld either:

Dependencies Resolved
========================================================================================================
Package                                  Arch   Version               Repository                  Size
========================================================================================================
Removing:
firewalld                                noarch 0.4.3.2-8.1.el7_3.2   @rhel-x86_64-workstation-7 1.7 M
Removing for dependencies:
anaconda-core                            x86_64 21.48.22.93-1.el7     @anaconda/7.3              7.9 M
anaconda-gui                             x86_64 21.48.22.93-1.el7     @anaconda/7.3              1.4 M
anaconda-tui                             x86_64 21.48.22.93-1.el7     @anaconda/7.3              426 k
firewall-config                          noarch 0.4.3.2-8.1.el7_3.2   @rhel-x86_64-workstation-7 1.0 M
initial-setup                            x86_64 0.3.9.36-1.el7        @anaconda/7.3              213 k
initial-setup-gui                        x86_64 0.3.9.36-1.el7        @anaconda/7.3               32 k
subscription-manager-initial-setup-addon x86_64 1.17.15-1.el7         @anaconda/7.3               45 k
Transaction Summary
========================================================================================================
Remove  1 Package (+7 Dependent packages)
Installed size: 13 M
Is this ok [y/N]: N
Exiting on user command

Perhaps the developers can use systemctl status instead:

[root@h7-trhws7 VMware-horizonagent-linux-x86_64-7.1.0-5141896]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

[root@h7-trhws7 VMware-horizonagent-linux-x86_64-7.1.0-5141896]# systemctl status iptables -l
iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2017-05-10 11:45:30 MDT; 6min ago
  Process: 785 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 785 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service

May 10 11:41:37 h7-trhws7.colleges.ad.unm.edu systemd[1]: Starting IPv4 firewall with iptables...
May 10 11:45:30 h7-trhws7.colleges.ad.unm.edu iptables.init[785]: iptables: Applying firewall rules: [  OK  ]
May 10 11:45:30 h7-trhws7.colleges.ad.unm.edu systemd[1]: Started IPv4 firewall with iptables.

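The check suggested in the post above (ask systemd which firewall service is running instead of testing which binary is installed), as an added example that is not part of the original post or of VMware's installer. The function names and the overridable SYSTEMCTL variable are assumptions of this sketch; port 22443/tcp is the one named in the installer's message.

```shell
#!/bin/sh
# Added example: pick the firewall backend by service state, not by which
# binaries are installed. SYSTEMCTL is overridable (an assumption of this
# sketch) so the selection logic can be exercised without systemd.
SYSTEMCTL=${SYSTEMCTL:-systemctl}
HORIZON_PORT=22443   # port named in the installer's error message

# Prints FIREWALLD, IPTABLES, AMBIGUOUS or NONE.
# Returns 0 for a single active backend, 1 for none, 2 when both are active.
detect_active_firewall() {
    fwd=no
    ipt=no
    if "$SYSTEMCTL" is-active --quiet firewalld; then fwd=yes; fi
    if "$SYSTEMCTL" is-active --quiet iptables; then ipt=yes; fi
    case "$fwd/$ipt" in
        yes/no)  echo FIREWALLD ;;
        no/yes)  echo IPTABLES ;;
        yes/yes) echo AMBIGUOUS; return 2 ;;
        *)       echo NONE; return 1 ;;
    esac
}

# Prints the commands that open the agent port for the given backend,
# one per line, so they can be reviewed before being run as root.
port_rule_commands() {
    case "$1" in
        FIREWALLD)
            echo "firewall-cmd --permanent --add-port=${HORIZON_PORT}/tcp"
            echo "firewall-cmd --reload" ;;
        IPTABLES)
            echo "iptables -I INPUT -p tcp --dport ${HORIZON_PORT} -j ACCEPT"
            echo "service iptables save" ;;
        *)
            echo "no single active firewall service; configure ${HORIZON_PORT}/tcp by hand" >&2
            return 1 ;;
    esac
}

# Typical use: backend=$(detect_active_firewall) && port_rule_commands "$backend"
```

With the service states shown in the systemctl output above (firewalld inactive, iptables active), detect_active_firewall selects IPTABLES even though both packages are installed.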
txiong
VMware Employee

Thanks for sharing the tip.

We will take a look and enhance the installer.
