Firewall check for RMC connection problems.

[seeteena]

LPAR lost RMC Connection if firewall is active on the system. .

LPAR: Check the status of the firewall running there.

 Stop and disable the firewall on the LPAR.

# systemctl stop firewalld
# systemctl disable firewalld
# rmcdomainstatus -s ctrmc -a IP

If need to have a firewall running for your test, then please ensure that you add firewall rules such that
port 657 is open for tcp and udp from any source (or at least from HMC ip addresses).

firewall-cmd --permanent --add-port=657/tcp
firewall-cmd --permanent --add-port=657/udp

Please see RMC connection problems for more details.

https://apps.na.collabserv.com/wikis/home?lang=en-us#!/wiki/Wd84435b957b9_48bc_a5a1_7b21da49f710/page/MustGather%20data%20for%20DLPAR%20or%20LPM%20problems

[seeteena]

Can you please check the feasibility of adding this also as part of servicereport tool LTCBug186432

Problem: After installation of SUSE, firewall gets enabled on LPAR. After LPM operation, LPAR loses RMC connection due to firewall. Like how we do the validation check whether kdump is enabled or not and report to the user, similarly can we check and report if firewall is enabled.

We need to run the below steps to disable firewall

1. Yast2
2. Systems & security -> Firewall
3. Not to start after reboot

[seeteena]

https://bugzilla.linux.ibm.com/show_bug.cgi?id=186432#c26

discussion going on not to disable firewall instead of add rules for RMC connection

ustomers should not disable the firewall for an RMC connection. This is a security risk. Instead customers could add a rule for the RMC connection.

[sourabhjains]

Hello @seeteena

This can be achieved using optional plugin.

Please feel free to add an optional plugin and submit a pull request.

• Sourabh Jain