Wednesday, September 12, 2012

IBM Lotus Domino 8.5.3 - Firing the Firewall

In this article, I describe how I hit a problem connecting to an IBM Lotus Domino 8.5.3 server, via web browser, and, more importantly, how I was able to diagnose and then resolve the problem. 

For the umpty-leventh time, I hit: -


when I attempt to access my Domino server's web administration interface: -


Domino is running on a Red Hat Enterprise Linux (RHEL) VM running on VMware Fusion 5.0.1 on my MacBook Pro, and I'm attempting to access it via my Mac's Firefox browser.

I proved that the problem was NOT with Domino, as I was able to access it locally ( using Firefox on the VM ): -


However, I wanted to use my host OS' browser for two reasons: -

(a) Firefox on the Mac has Java enabled, and the Domino WebAdmin tool uses a Java applet
(b) It's easier to take screenshots

The next acid test was to ensure that the networking between the host and guest OS was working: -


Therefore, I knew that the problem was on the Linux VM, so thought: -

(a) Security-Enhanced Linux ( selinux )
(b) Firewall ( iptables )

I checked selinux first of all: -

$ cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

I then checked the firewall: -

chkconfig --list | grep iptables

iptables        0:off 1:off 2:on 3:on 4:on 5:on 6:off

Ah-ha, so that was the problem :-)

I stopped the firewall ( this is my own development VM so I do not need a firewall - YOUR mileage WILL vary ): -

service iptables stop

iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat mangle filte[  OK  ]
iptables: Unloading modules:                               [  OK  ]

and then validated that it was stopped: -


Finally, I then went ahead and disabled the firewall permanently, as the service iptables stop command will not survive a reboot: -

chkconfig iptables off

and validated that it's now disabled: -

$ chkconfig --list | grep iptables

iptables        0:off 1:off 2:off 3:off 4:off 5:off 6:off

Job done.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)