Oracle is known to have firewall rule entries by default on the VMs not to forward traffic. You can check this with the following command:
sudo iptables -L -n -v --line-numbers
If it has an entry similar to the underlined rules. For example:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 200K 88M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 1 84 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 16437 1418K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:123
5 10 520 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6 1085 44016 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
7 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
8 0 0 ACCEPT all -- tap+ * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 172 10544 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
2 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- tap+ * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 175K packets, 189M bytes)
num pkts bytes target prot opt in out source destination
1 46893 3885K InstanceServices all -- * * 0.0.0.0/0 169.254.0.0/16
Chain InstanceServices (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.0.2 owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.2.0/24 owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
3 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.4.0/24 owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.5.0/24 owner UID match 0 tcp dpt:3260 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.0.2 tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
6 4834 442K ACCEPT udp -- * * 0.0.0.0/0 169.254.169.254 udp dpt:53 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
7 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.169.254 tcp dpt:53 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
8 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.0.3 owner UID match 0 tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
9 0 0 ACCEPT tcp -- * * 0.0.0.0/0 169.254.0.4 tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
10 41958 3434K ACCEPT tcp -- * * 0.0.0.0/0 169.254.169.254 tcp dpt:80 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
11 4 1264 ACCEPT udp -- * * 0.0.0.0/0 169.254.169.254 udp dpt:67 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
12 0 0 ACCEPT udp -- * * 0.0.0.0/0 169.254.169.254 udp dpt:69 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
13 97 7372 ACCEPT udp -- * * 0.0.0.0/0 169.254.169.254 udp dpt:123 /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */
14 0 0 REJECT tcp -- * * 0.0.0.0/0 169.254.0.0/16 tcp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
15 0 0 REJECT udp -- * * 0.0.0.0/0 169.254.0.0/16 udp /* See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable
Then, you will have a block message (ICMP Host prohibited) on the traffic passing the Connector:
You can proceed to remove these rules using the following commands:
sudo iptables -D InstanceServices 15 && sudo iptables -D InstanceServices 14
sudo iptables -D FORWARD 1
sudo iptables -D INPUT 6
Note: The command shown may require modification for your scenario. For further reference, find the rule number with this information:
Comments
0 comments
Please sign in to leave a comment.