RHCSA Practical Lab Series: Firewall Configuration & Security
Lab 3: Configuring Firewalld to Allow HTTP on Port 8080
Objective
By default, firewalld blocks inbound access to ports that are not opened in the active zone, including non-standard ports such as 8080. In this lab, you will:
- Open port 8080 for Apache (httpd)
- Configure SELinux to allow HTTP traffic on port 8080
- Ensure firewall rules persist after reboot
Step 1: Check Current Firewalld Rules
Before making changes, verify which ports are currently open:
[root@node1 ~]# firewall-cmd --list-all
Expected Output (partial):
public (active)
target: default
services: ssh dhcpv6-client http https
ports:
Tip: If port 8080 is not listed under "ports:", it must be added.
Step 2: Open Port 8080 in the Firewall
Allow HTTP traffic on port 8080 permanently:
[root@node1 ~]# firewall-cmd --permanent --add-port=8080/tcp
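Tip: The --permanent flag writes the rule to the permanent configuration, so it persists after a reboot. It does not change the running firewall until the rules are reloaded in Step 3.
Step 3: Reload the Firewall Rules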
Apply the changes:
[root@node1 ~]# firewall-cmd --reload
Verify the rule has been applied:
[root@node1 ~]# firewall-cmd --list-ports
Expected Output:
8080/tcp
If port 8080 appears, the firewall is correctly configured.
Step 4: Configure SELinux to Allow HTTP on Port 8080
Check current allowed HTTP ports:
[root@node1 ~]# semanage port -l | grep http
Expected Output (partial):
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
Port 8080 is not listed, so we need to add it.
Step 5: Allow Apache to Use Port 8080 in SELinux
[root@node1 ~]# semanage port -a -t http_port_t -p tcp 8080
Verify that port 8080 has been added:
[root@node1 ~]# semanage port -l | grep 8080
Expected Output:
http_port_t tcp 80, 443, 488, 8008, 8009, 8080, 8443
If port 8080 appears, SELinux has been updated correctly.
Troubleshooting:
If the command fails, ensure SELinux is in enforcing mode:
getenforce
If semanage is not found, install the package:
yum -y install policycoreutils-python-utils
Step 6: Restart Apache and Verify
Restart the Apache service to apply changes:
[root@node1 ~]# systemctl restart httpd
Enable Apache to start on boot:
[root@node1 ~]# systemctl enable httpd
Step 7: Verify Web Server Accessibility
Check if Apache is listening on port 8080:
[root@node1 ~]# ss -tnlp | grep httpd
Expected Output:
LISTEN 0 128 *:8080 *:* users:(("httpd",pid=1234,fd=5))
If Apache is listening on port 8080, the configuration is correct.
Step 8: Test Access to the Web Server
From node1, test HTTP access:
[root@node1 ~]# curl http://node1.cloudnetops.tech:8080/
Expected Output:
<html>
<head><title>Test Page</title></head>
<body><h1>Success! Apache is running on port 8080.</h1></body>
</html>
If you receive the HTML response, the firewall and SELinux are correctly configured.
Troubleshooting:
If the firewall rule was not applied, try restarting firewalld:
systemctl restart firewalld
If curl fails, check if httpd is running:
systemctl status httpd
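When the curl test fails, the cause can sit in any of the layers this lab touches. The following diagnostic is an added example, not part of the original lab: it takes captured output of firewall-cmd --list-ports (runtime and --permanent), semanage port -l and ss -tnl and names the layer that still blocks port 8080. The function names and sample data are constructed for illustration; the -a/-m choice assumes semanage refuses to add a port that already has an exact entry under another type.

```shell
# Added example: name the layer that still blocks PORT, from captured output.
PORT=8080

# $1 = output of `firewall-cmd --list-ports` (runtime, or with --permanent)
fw_has_port() {
  printf '%s\n' "$1" | tr ' ' '\n' | grep -qx "${PORT}/tcp"
}

# $1 = output of `semanage port -l`; prints each type with an exact tcp PORT
# entry. Ranges are skipped: -a versus -m depends on an exact entry only.
selinux_types() {
  printf '%s\n' "$1" | awk -v p="$PORT" '$2 == "tcp" {
    for (i = 3; i <= NF; i++) { gsub(",", "", $i); if (($i "") == (p "")) print $1 }
  }'
}

# Prints the semanage command still needed; prints nothing if http_port_t
# already has PORT. An undefined port takes -a, an existing entry needs -m.
selinux_fix() {
  types=$(selinux_types "$1")
  if printf '%s\n' "$types" | grep -qx 'http_port_t'; then return 0; fi
  if [ -z "$types" ]; then op=-a; else op=-m; fi
  echo "semanage port $op -t http_port_t -p tcp $PORT"
}

# $1 = output of `ss -tnl`; true if a LISTEN socket's local address ends :PORT
listening() {
  printf '%s\n' "$1" | awk -v p=":$PORT" \
    '$1 == "LISTEN" && $4 ~ (p "$") { f = 1 } END { exit !f }'
}

# Args: runtime ports, permanent ports, semanage listing, ss listing.
diagnose() {
  out=""
  fw_has_port "$1" || out="$out firewalld-runtime"
  fw_has_port "$2" || out="$out firewalld-permanent"
  [ -z "$(selinux_fix "$3")" ] || out="$out selinux"
  listening "$4" || out="$out listener"
  echo "${out:- ok}" | sed 's/^ //'
}

# Constructed sample: rule not reloaded, 8080 held by another type, httpd on 80.
RUNTIME=""
PERMANENT="8080/tcp"
SEMANAGE="http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_port_t tcp 80, 443, 488, 8008, 8009, 8443"
SS="LISTEN 0 128 *:80 *:*"
diagnose "$RUNTIME" "$PERMANENT" "$SEMANAGE" "$SS"
selinux_fix "$SEMANAGE"
```

On a live host, pass the real command output instead of the sample variables, for example "$(firewall-cmd --list-ports)" as the first argument.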
Final Summary
In this lab, you successfully:
- Opened port 8080 in firewalld
- Allowed Apache to serve content on port 8080
- Updated SELinux policy to allow HTTP on port 8080
- Restarted and enabled Apache
- Ensured the changes persist after reboot