Access Manager IDP Port Redirection Script for RHEL 7.x

In the Access Manager documentation, the port redirection script is written for SUSE. I have modified the script and added a few more steps so that it runs on Red Hat Enterprise Linux 7.x, which uses systemd. Follow the steps below:

# vi /etc/init.d/AM_IDP_Redirect



Paste the following script and change INTF and ADDR to the interface and IP address the IDP listens on (use ip addr, or /sbin/ifconfig if net-tools is installed). Note that the script flushes the entire nat table on start and stop, so it also removes NAT rules added by anything else on the host, such as firewalld masquerading or Docker:

#!/bin/sh
# /etc/init.d/AM_IDP_Redirect
# chkconfig: 345 99 76
### BEGIN INIT INFO
# Provides: idp_8443_redirect
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Redirect 80/443 to 8080/8443 for the Access Manager IDP
### END INIT INFO



# Environment-specific variables.
IPT_BIN=/usr/sbin/iptables
INTF=ens33
ADDR=172.17.5.170

# The SUSE rc.status helpers do not exist on RHEL, so they stay commented out.
#. /etc/rc.status
#rc_reset

case "$1" in
    start)
        echo -n "Starting IP Port redirection"
        # Clears every rule in the nat table, not only the ones added below.
        $IPT_BIN -t nat --flush
        # Inbound traffic on the IDP interface: 80 -> 8080 and 443 -> 8443.
        $IPT_BIN -t nat -A PREROUTING -i $INTF -p tcp --dport 80 -j DNAT --to-destination ${ADDR}:8080
        $IPT_BIN -t nat -A PREROUTING -i $INTF -p tcp --dport 443 -j DNAT --to-destination ${ADDR}:8443
        # Locally generated traffic to the IDP address takes the same path.
        $IPT_BIN -t nat -A OUTPUT -p tcp -d $ADDR --dport 443 -j DNAT --to-destination ${ADDR}:8443
        $IPT_BIN -t nat -A OUTPUT -p tcp -d $ADDR --dport 80 -j DNAT --to-destination ${ADDR}:8080
        #rc_status -v
        ;;
    stop)
        echo -n "Flushing all IP Port redirection rules"
        # Again clears the whole nat table, not just the four rules above.
        $IPT_BIN -t nat --flush
        #rc_status -v
        ;;
    restart)
        echo -n "Restarting the Port redirection script"
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
#rc_exit
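Because the script above flushes the whole nat table on every start and stop, it will also wipe NAT rules that belong to other services on the host. The variant below is an added example, not part of the Access Manager documentation or the original script: it installs the same four rules, but checks each one with iptables -C before adding it (so repeated starts never stack duplicates) and on stop deletes only its own rules. IPT_BIN, INTF and ADDR are the same assumed values as above; the status action is an addition.

```shell
#!/bin/sh
# Added example: the same redirect rules as /etc/init.d/AM_IDP_Redirect, but
# each rule is added and deleted individually instead of flushing the whole
# nat table. Environment-specific values (assumed; adjust for your host):
IPT_BIN="${IPT_BIN:-/usr/sbin/iptables}"
INTF="${INTF:-ens33}"
ADDR="${ADDR:-172.17.5.170}"

# One rule per line as "<chain> <match> <target>", without the -A/-C/-D
# verb, so the same list drives add, delete and status.
redirect_rules() {
    cat <<EOF
PREROUTING -i $INTF -p tcp --dport 80 -j DNAT --to-destination $ADDR:8080
PREROUTING -i $INTF -p tcp --dport 443 -j DNAT --to-destination $ADDR:8443
OUTPUT -p tcp -d $ADDR --dport 80 -j DNAT --to-destination $ADDR:8080
OUTPUT -p tcp -d $ADDR --dport 443 -j DNAT --to-destination $ADDR:8443
EOF
}

# Add a rule only when -C reports it absent, so running start twice
# (or start after a partial failure) never creates duplicate DNAT rules.
redirect_start() {
    redirect_rules | while read -r rule; do
        # $rule is split into words on purpose; none of its values contain spaces.
        $IPT_BIN -t nat -C $rule 2>/dev/null || $IPT_BIN -t nat -A $rule
    done
}

# Delete every copy of our own rules and nothing else; NAT rules added by
# other services (firewalld, Docker) survive a stop.
redirect_stop() {
    redirect_rules | while read -r rule; do
        while $IPT_BIN -t nat -C $rule 2>/dev/null; do
            $IPT_BIN -t nat -D $rule
        done
    done
}

# Return 0 only when all four rules are installed; otherwise print the
# missing ones and return 1.
redirect_status() {
    missing=$(redirect_rules | while read -r rule; do
        $IPT_BIN -t nat -C $rule 2>/dev/null || printf 'missing: %s\n' "$rule"
    done)
    [ -z "$missing" ] || { printf '%s\n' "$missing"; return 1; }
}

# Dispatch only when an action was given, so the file can also be sourced
# by another script or a test.
case "${1:-}" in
    start)   redirect_start ;;
    stop)    redirect_stop ;;
    restart) redirect_stop; redirect_start ;;
    status)  redirect_status && echo "all redirect rules present" ;;
esac
```

It is a drop-in replacement for the script body: save it as /etc/init.d/AM_IDP_Redirect, keep the same systemd unit, and use the status action (or iptables -t nat -S) to confirm the rules after a reboot. Because IPT_BIN is read at call time, the functions can be exercised against a stand-in iptables without touching the live ruleset.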


 

Make the script executable using the command below:

# chmod +x /etc/init.d/AM_IDP_Redirect



Create a Service:

# vi /etc/systemd/system/AM_IDP_Redirect.service



Paste the unit below and save it. Note that systemd has no ExecRestart directive (systemctl restart runs ExecStop and then ExecStart), and the target is spelled multi-user.target:

[Unit]
Description=IDP Port Redirect
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/init.d/AM_IDP_Redirect start
ExecStop=/etc/init.d/AM_IDP_Redirect stop
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target



Reload the systemd configuration so the new unit is picked up:

# systemctl daemon-reload



Enable the AM_IDP_Redirect service so that it starts at boot:

# systemctl enable AM_IDP_Redirect

Created symlink from /etc/systemd/system/multi-user.target.wants/AM_IDP_Redirect.service to /etc/systemd/system/AM_IDP_Redirect.service.



Start the Service:

# systemctl start AM_IDP_Redirect



Verify using:

# iptables -t nat -nvL



Chain PREROUTING (policy ACCEPT 18 packets, 1296 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  ens33  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.5.170:8080
    0     0 DNAT       tcp  --  ens33  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.17.5.170:8443

Chain INPUT (policy ACCEPT 18 packets, 1296 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4034 packets, 245K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            172.17.5.170         tcp dpt:443 to:172.17.5.170:8443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            172.17.5.170         tcp dpt:80 to:172.17.5.170:8080



Reboot the server and run the same iptables command again; you should see the same four DNAT rules.

Standard systemctl commands will also work:

    1. To stop the service
       # systemctl stop AM_IDP_Redirect

    2. To restart the service
       # systemctl restart AM_IDP_Redirect

    3. To start the service
       # systemctl start AM_IDP_Redirect

    4. To disable the service at boot
       # systemctl disable AM_IDP_Redirect




As a fall-back you can also run the script directly:

    1. To stop the script
       # /etc/init.d/AM_IDP_Redirect stop

    2. To restart the script
       # /etc/init.d/AM_IDP_Redirect restart

    3. To start the script
       # /etc/init.d/AM_IDP_Redirect start




For troubleshooting, check the service output with journalctl -u AM_IDP_Redirect and the logs in /var/log/messages.

Ref: https://www.netiq.com/documentation/access-manager-44/install_upgrade/data/b6fyxpk.html#redirectscript

 

Labels:

How To-Best Practice
Support Tips/Knowledge Docs
Support Tip