Web UI Down in ALE server

MVP Expert
MVP Expert
Problem:

Issue: Web UI Down in ALE server.

 

There are times when the Web UI would be down for the ALE server thought the interfaces and the necessary services are up.



Diagnostics:

This occurs in cases where customer initially had setup 443 as the communication port between ALE-IAP and later changes the port number.

Few customers would use 443 as the communication port between ALE-IAP.

 

If the ALE-IAP communication port is changed from 443  to any other port, this issue will be noticed.

Also, if you notice the /etc/sysconfig/iptables you will be unable to see the port 443.

 

#cat /etc/sysconfig/iptables

Generated by iptables-save v1.4.7 on Mon Mar 19 16:45:35 2018

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [1:40]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 7779 -j ACCEPT

-A INPUT -p udp -m state --state NEW -m udp --dport 8211 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Completed on Mon Mar 19 16:45:35 2018

 

This happens when you change the port number of the IAP from the ALE server’s Web UI.

If  customer has ALE-IAP communication set over 443 and if it is later changed to any other port

 

8088 is the  default port used for the communication between the ALE-IAP. 

 

 



Solution

 

So, when the port number is changed from 443 to 8088, the 443 entry from the iptables is removed automatically.

 

To fix the issue, we need to manually add the 443 to the iptables and restart the iptables.

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

# service iptables restart

 

The iptables should look like below:

 

Hence it is rather advised to set any other port apart from 443 for the IAP-ALE communication.  Though it would work if 443 is set, but by later changing the port number from 443 to any other port would cause UI issues.

Following are the various communication ports used by ALE:

 

Version history
Revision #:
2 of 2
Last update:
‎10-16-2018 06:27 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: