You can change the firewall and SELinux settings for IBM Spectrum Connect after installing it to allow the Spectrum
Connect service to be started in cases where the firewall and SELinux are enabled..
Procedure
Follow these steps to change the firewall and SELinux settings for Spectrum Connect post-installation to allow the Spectrum
Connect service to be started in cases where the firewall and SELinux are enabled.:
-
Open the 8440 TCP port:
- RHEL 7.x, CentOS 7.x or RHEL 8.x, CentOS 8.x:
- firewall-cmd --permanent --add-port=8440/tcp
- firewall-cmd --reload
|
Note: If you are using a different firewall software, please refer to that software documentation
for help.
|
-
Open the 5672 and 4369 TCP ports under RHEL 7.x and CentOS 7.x or RHEL 8.x and CentOS
8.x:
- firewall-cmd --permanent --zone=trusted --add-interface=lo
- firewall-cmd --permanent --zone=trusted --add-port=5672/tcp
- firewall-cmd --permanent --zone=trusted --add-port=4369/tcp
- firewall-cmd --reload
|
Note: If you are using a different firewall software, please refer to that software documentation
for help.
|
-
If you are using SELinux, allow nginx to bind network interfaces and connect to the ibmsc
socket:
- RHEL 7.x, CentOS 7.x:
- semodule -i /opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel7/ibmsc.pp
- systemctl restart nginx
- RHEL 8.x, CentOS 8.x:
- semodule -i /opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel8/ibmsc.pp
- systemctl restart nginx
To display ibmsc selinux policy:
- RHEL 7.x: cat
/opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel7/ibmsc.te
- RHEL 8.x: cat
/opt/ibm/ibm_spectrum_connect/conf.d/selinux/rhel8/ibmsc.te