3.3.2.6. Firewall Configuration

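A default Oracle Linux installation has the firewall enabled (iptables on). To use Oracle VM Manager on a system with iptables enabled, you can either open the ports used by Oracle VM Manager, or open all ports by disabling iptables. Disabling iptables removes all host-based packet filtering, so opening only the required ports is the narrower of the two options.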

The ports required for the web browser connection to Oracle VM Manager are: 7001, 7002 and 15901. The ports used by the Oracle VM Servers to connect to Oracle VM Manager are: 7001, 7002 and 54321. Oracle VM Manager, in turn, connects to the Oracle VM Servers through port 8899 for Oracle VM Agent communication, and port 6900 and up for secure VNC tunneling to virtual machines (one port per VM). Be sure to open the necessary ports on the different firewalls that may be installed between different parts of your network. Follow the guidelines in the diagram below:

This diagram illustrates the firewall rules in Oracle VM Manager.

To disable iptables and open all ports, enter the following commands as the root user:

# service iptables stop
# chkconfig iptables off

Alternatively, open the required ports by using the iptables command as the root user:

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7002 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 15901 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT

To remotely connect to the Oracle VM Manager core API, also enter the following command:

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 54321 -j ACCEPT

When all the ports have been opened, save the iptables configuration:

# service iptables save

You do not need to restart iptables: the commands open the ports while iptables is running, and saving the configuration ensures they are opened again after a future reboot or restart.
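The iptables -A option appends to the end of the chain, and iptables stops at the first matching rule, so an ACCEPT rule appended after an existing catch-all REJECT or DROP rule never takes effect. The following check is an added example, not part of Oracle's documentation or tooling: it reads rules in the format printed by iptables -S INPUT and reports whether each required port is reachable, shadowed or missing. The function names and the sample ruleset are constructed, and it assumes the rules sit directly in the INPUT chain.

```shell
#!/bin/sh
# Added example (not Oracle's code): verify that ACCEPT rules for the Oracle VM
# Manager ports are not placed after a catch-all REJECT/DROP in the INPUT chain.

# Constructed sample in "iptables -S INPUT" format. 7002 and 15901 were appended
# after the catch-all REJECT, so packets never reach those rules.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7001 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7002 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 15901 -j ACCEPT
EOF
}

# check_ports PROTO/PORT...   (ruleset on stdin)
# Prints one line per argument: "<proto>/<port> reachable|shadowed|missing".
check_ports() {
  awk -v want="$*" '
    BEGIN { n = split(want, w, " ") }
    $1 != "-A" || $2 != "INPUT" { next }   # only rules in the INPUT chain
    { rule++ }
    # Catch-all: "-A INPUT -j REJECT|DROP" with no match criteria before -j.
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { if (!block) block = rule; next }
    /-j ACCEPT/ {
      proto = ""; port = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i+1)
        if ($i == "--dport") port = $(i+1)
      }
      key = proto "/" port
      if (port != "" && !(key in first)) first[key] = rule
    }
    END {
      for (i = 1; i <= n; i++) {
        k = w[i]
        if (!(k in first)) s = "missing"
        else if (block && first[k] > block) s = "shadowed"
        else s = "reachable"
        print k, s
      }
    }'
}

# On a live system, as root: iptables -S INPUT | check_ports tcp/7001 ...
sample_rules | check_ports tcp/7001 tcp/7002 tcp/15901 udp/123 tcp/54321
```

A port reported as shadowed has its rule in the chain but below the catch-all; the rule must sit above that line before service iptables save is run for the port to be open.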

To configure the firewall to open the required ports automatically, use the environment configuration script provided with the Oracle VM Manager installer. See Section 3.3.2.4, “Environment Configuration Script” for information on using this script.