couchdb-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Couchdb Wiki] Update of "Installing_on_RHEL5" by ElisianoPetrini
Date Wed, 11 Jul 2012 09:11:32 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.

The "Installing_on_RHEL5" page has been changed by ElisianoPetrini:
http://wiki.apache.org/couchdb/Installing_on_RHEL5?action=diff&rev1=17&rev2=18

  $ make
  # make install
  }}}
+ == Tip: mind the firewall ==
+ It's very likely that the default installation of a Red Hat system has the firewall turned
on. This can be verified by issuing:
+ {{{
+ # service iptables status
+ }}}
+ If it is active then it will list the rules, otherwise you'll get an ''unrecognized service''
error message.
+ The default firewall configuration on such system resides in /etc/sysconfig/iptables (and
if you're using ipv6 then /etc/sysconfig/ip6tables). 
+ In this case just insert a rule for CouchDB before the REJECT rule. By default, the rules
should look like the following (already added the CouchDB rule):
+ {{{
+ *filter
+ :INPUT ACCEPT [0:0]
+ :FORWARD ACCEPT [0:0]
+ :OUTPUT ACCEPT [0:0]
+ :RH-Firewall-1-INPUT - [0:0]
+ -A INPUT -j RH-Firewall-1-INPUT
+ -A FORWARD -j RH-Firewall-1-INPUT
+ -A RH-Firewall-1-INPUT -i lo -j ACCEPT
+ -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
+ -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
+ -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
+ -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+ -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
+ ### The following rule allows CouchDB connections from everywhere ###
+ -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5984 -j ACCEPT
+ -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
+ COMMIT
+ }}}
  
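Review bot: the added rule `-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5984 -j ACCEPT` accepts port 5984 from any source address, as its own comment says, and the tip offers no narrower alternative. Suggest also showing a variant with a source match for hosts that only need access from a known network, for example `-s <trusted-subnet>` ahead of `-j ACCEPT` (a placeholder, not a value from this page), and presenting the "from everywhere" form as the explicit opt-in. The rule also omits the `-m state --state NEW` match that the port 22 and port 53 TCP rules just above it use; adding it would keep the rule set consistent.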
+ Similarly, the firewall could be active also on CentOS systems. The file is still the same
(/etc/sysconfig/iptables) but the default rules change a bit. 
+ Also in this case insert the rule for CouchDB before the REJECT.
+ {{{
+ -A INPUT -p tcp --dport 5984 -j ACCEPT
+ }}}
+ 
+ In both cases, don't forget to restart the iptables service
+ {{{
+ # service iptables restart
+ }}}
+ 
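Review bot: the restart step `# service iptables restart` reloads only the IPv4 rules, while the tip earlier points IPv6 users at /etc/sysconfig/ip6tables; say that the ip6tables file needs the same rule and its own service restart, or drop the IPv6 mention. The CentOS rule `-A INPUT -p tcp --dport 5984 -j ACCEPT` is likewise open to every source but, unlike the RHEL block, carries no comment saying so, and the CentOS REJECT line it must precede is not shown, so "before the REJECT" leaves the reader to locate it. Re-running `service iptables status` after the restart would confirm that the new rule loaded above the REJECT.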
