A default Oracle Linux install has the firewall enabled (iptables on). To use Oracle VM Manager on a system with iptables enabled, you can either open only the ports used by Oracle VM Manager, or open all ports by disabling iptables.
To configure the firewall to open the required ports automatically, use the environment configuration script provided with the Oracle VM Manager installer. See Section 3.3.1, “Configuring the Environment Before Installation” for information on using this script.
The diagram and table below illustrate the firewall rules and requirements for Oracle VM.
Table 3.2 Firewall Rules
No. | Component Relationship | Ports and Description | Optional |
---|---|---|---|
1 | Oracle VM Manager to Oracle VM Server | | No |
2 | Oracle VM Server to Oracle VM Manager | | No |
3 | Client PC to Oracle VM Manager | | No, although access to services should be limited to requirements |
4 | Client PC to Oracle VM Server | | Yes |
5 | Oracle VM Server to Oracle VM Server | | No |
6 | Some Management Tools to Oracle VM Manager | | Yes |
The following instructions explain how to resolve any firewall requirements manually, and assume that you have decided not to use the environment configuration script provided with the Oracle VM Manager installer.
Depending on your security requirements, do one of the following:
To disable iptables and open all ports, enter the following commands as the root user:
# service iptables stop
# chkconfig iptables off
Alternatively, open the required ports manually by using the iptables command as the root user:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7002 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
To remotely connect to the Oracle VM Manager core legacy API using an alternate external client such as Oracle Enterprise Manager, also enter the following command:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 54322 -j ACCEPT
To enable the Oracle VM Manager Command Line Interface, enter the following command:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
When all the ports have been opened, save the iptables configuration:
# service iptables save
iptables does not need to be restarted: the commands open the ports while iptables is running, and saving the configuration ensures they are opened again after a reboot or restart.
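Because `-A` appends to the end of the INPUT chain, an ACCEPT rule that lands after a catch-all REJECT or DROP rule never matches. The following check is an added example, not part of the Oracle documentation: it reads rules in `iptables -S INPUT` format and reports whether each port opened above is reachable, shadowed, or missing. The function name `check_ovmm_ports` and the sample ruleset are constructed for illustration.

```bash
#!/bin/bash
# Audit an INPUT chain, given on stdin in `iptables -S INPUT` format, for the
# ports opened on this page. Prints "<proto>/<port> <status>" per port:
#   ok       - an ACCEPT rule exists before any catch-all REJECT/DROP
#   shadowed - an ACCEPT rule exists only after a catch-all REJECT/DROP
#   missing  - no ACCEPT rule for the port
# Optional $1 overrides the port list (54322 and 10000 are only needed for
# the legacy API and the CLI). Single --dport rules only; multiport and port
# ranges are not parsed.
check_ovmm_ports() {
  awk -v required="${1:-tcp/7002 udp/123 tcp/54322 tcp/10000}" '
    BEGIN {
      n = split(required, req, " ")
      for (i = 1; i <= n; i++) st[req[i]] = "missing"
    }
    $1 != "-A" || $2 != "INPUT" { next }
    # A rule with no match criteria and a REJECT/DROP target ends the chain.
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked = 1; next }
    {
      proto = port = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      key = proto "/" port
      if (target == "ACCEPT" && (key in st) && st[key] != "ok")
        st[key] = blocked ? "shadowed" : "ok"
    }
    END { for (i = 1; i <= n; i++) print req[i], st[req[i]] }
  '
}

# Constructed sample: 7002 was inserted above the REJECT rule, 123 was
# appended below it, and the two optional ports were never opened.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7002 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | check_ovmm_ports
```

On a live system, run it as root with `iptables -S INPUT | check_ovmm_ports`. A port reported as shadowed needs its rule placed above the catch-all rule (for example with `iptables -I INPUT`) before running `service iptables save`.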