Anonymous_User Absent Member.

Translating the Identity Server configuration port


We are trying to follow the Access Manager link below and translate
the Identity Server configuration to use TCP port 443 instead of 8443.
http://tinyurl.com/las9963

The script given in the document doesn't seem to work on a RedHat 6.5
server. Can someone help me with a similar script for a RedHat 6.5
server?

Thanks in Advance,
Akanshha


--
akanshahbazaz
Anonymous_User Absent Member.

Re: Translating the Identity Server configuration port

Both SUSE Linux Enterprise Server (SLES) and RedHat versions of Linux use
iptables to control the firewall within the kernel, so you may just be up
against a matter of timing. If you have chosen to go with RedHat's then
the answer probably lies in who you have hired to administer that
platform. If you do not have that expertise in-house, you may want to
find a contractor or somebody who can do that as either you or your
vendors need to manage the platform for things to work on it, and port
redirection is a pretty simple task on any Linux distro; simply tell them
you want to redirect traffic bound for 443 to 8443, and 80 to 8080 (or
whatever the ports you use are).

Regarding your issue in this case, I'd probably start by using basic
iptables troubleshooting with the iptables command, or iptables-save
command, and also look at the system firewall configuration to be sure
that the settings applied "stick". You can use an init script as well (as
the documentation provides for SLES) but there are usually
distribution-specific ways to manage the redirection that work too, along
with all other firewall configuration tasks.

Possible problems with scripts between distros can come in the form of
paths (one distro uses /usr/sbin/iptables, another /sbin/iptables, etc.),
timing (when the firewall loads, and when rules are applied or flushed),
and other system configuration (kernel parameters). Seeing how the
firewall is configured before and after running the script may give some
clues, as may running the script and capturing debugging output ('bash -x
-v /path/to/script start').

--
Good luck.

Anonymous_User Absent Member.

Re: Translating the Identity Server configuration port


The following iptables commands should work on RHEL:

iptables -A PREROUTING -t nat -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -A OUTPUT -t nat -d 127.0.0.0/8 -o lo -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443

To check the iptables configuration:

service iptables status

To save the iptables configuration:

service iptables save

If you don't save, the configuration will be wiped on reboot.


--
e138274
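
An added example, not part of the replies above and not the script from the Access Manager documentation: a POSIX shell check that reads iptables-save output and confirms both 443 to 8443 REDIRECT rules are present, so the running ruleset can be compared with the saved /etc/sysconfig/iptables file that RHEL 6 loads at boot. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample ruleset are constructed.

# has_redirect CHAIN FROM TO: reads iptables-save text on stdin and succeeds
# if the nat table has a REDIRECT rule in CHAIN from port FROM to port TO.
has_redirect() {
    awk -v chain="$1" -v from="$2" -v to="$3" '
        /^\*/ { table = substr($0, 2) }   # table header: "*nat", "*filter"
        table == "nat" && $1 == "-A" && $2 == chain {
            dport = ""; target = ""; toports = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")    dport   = $(i + 1)
                if ($i == "-j")         target  = $(i + 1)
                if ($i == "--to-ports") toports = $(i + 1)
            }
            if (dport == from && target == "REDIRECT" && toports == to)
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_ruleset FILE: report on both rules from the reply (external traffic
# via PREROUTING, local loopback traffic via OUTPUT). Non-zero if one is missing.
check_ruleset() {
    rc=0
    for chain in PREROUTING OUTPUT; do
        if has_redirect "$chain" 443 8443 < "$1"; then
            echo "ok: $chain 443 -> 8443"
        else
            echo "MISSING: $chain 443 -> 8443"; rc=1
        fi
    done
    return $rc
}

# Constructed sample of iptables-save output after both commands were run.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -d 127.0.0.0/8 -o lo -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
EOF
}
```

On the host, run `iptables-save > /tmp/running.rules` as root and pass that file, then /etc/sysconfig/iptables, to `check_ruleset`; a rule that shows in the first but is MISSING in the second has not been saved and will not survive a reboot.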