The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
► To allow Web traffic through, you can modify the file /etc/sysconfig/iptables. First make<br />
a backup copy, then add two rules (in bold) to allow these ports then save your changes:<br />
# cd /etc/sysconfig<br />
# cp iptables iptables.orig<br />
# vi iptables<br />
# Firewall configuration written by system-config-firewall<br />
# Manual customization of this file is not recommended.<br />
*filter<br />
:INPUT ACCEPT [0:0]<br />
:FORWARD ACCEPT [0:0]<br />
:OUTPUT ACCEPT [0:0]<br />
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
-A INPUT -p icmp -j ACCEPT<br />
-A INPUT -i lo -j ACCEPT<br />
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT<br />
-A INPUT -j REJECT --reject-with icmp-host-prohibited<br />
-A FORWARD -j REJECT --reject-with icmp-host-prohibited<br />
COMMIT<br />
► Restart the firewall to pick up the new rules:<br />
# service iptables restart<br />
iptables: Flushing firewall rules: [ OK ]<br />
iptables: Setting chains to policy ACCEPT: filter [ OK ]<br />
iptables: Unloading modules: [ OK ]<br />
iptables: Applying firewall rules: [ OK ]<br />
► Go back to your browser and click refresh again. You should not get an error this time.<br />
You should now have a firewall that allows Web traffic.<br />
11.1.4 Configuring SSL <strong>for</strong> Apache<br />
Use the Secure Sockets Layer (SSL) to encrypt data between the client (browser) and the<br />
server. This is done by specifying an https prefix in the URL which uses port 443 rather than<br />
using the conventional http prefix which uses port 80. Per<strong>for</strong>m the following steps:<br />
► To use SSL, the mod_ssl package is requied. You can show that SSL communications do<br />
not work by changing http to https in your browser:<br />
https://9.60.18.224/<br />
You should see some type of communications error.<br />
► Install the mod_ssl RPM with the yum -y install command:<br />
# yum -y install mod_ssl<br />
...<br />
Installed:<br />
mod_ssl.s390x 1:2.2.15-5.el6<br />
Complete!<br />
► Verify that the RPM was added:<br />
# rpm -qa | grep mod_ssl<br />
mod_ssl-2.2.15-5.el6.s390x<br />
► Restart the Web server:<br />
# service httpd restart<br />
Stopping httpd: [ OK ]<br />
Starting httpd: [ OK ]<br />
172 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6