Sunday, February 22, 2026

Oracle Cloud Instance Ubuntu iptables

I've recently been exploring Oracle's Cloud offerings while looking to migrate a website from an Amazon EC2 instance.  After struggling to troubleshoot connectivity through Oracle Cloud's seemingly straightforward security offerings, I found the default Ubuntu image has iptables configured as well.  It restricts all ingress except port 22 for SSH.

Given I rarely dabble in iptables, here are a few tips for next time:

# Show iptables configuration including line numbers
sudo iptables -L -n --line-numbers

# Add an entry to accept traffic on port 80 at configuration line number 4
# Existing entries at line 4 and beyond will slide down to 5 and beyond
sudo iptables -I INPUT 4 -p tcp --dport 80 -m state --state NEW -j ACCEPT

# Add an entry to accept traffic on port 443 at configuration line number 4
# Existing entries at line 4 and beyond will slide down to 5 and beyond
sudo iptables -I INPUT 4 -p tcp --dport 443 -m state --state NEW -j ACCEPT

# Make the entries persistent
sudo netfilter-persistent save

If you're successful, your iptables will look something like this:

ubuntu@server001:~$
ubuntu@server001:~$ sudo iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
5    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
6    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
7    REJECT     0    --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
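
The inserts at line 4 work because they land ahead of the final REJECT; a rule placed after that REJECT is never reached. As an added example (not part of the original post), these shell functions check that ordering from a listing. The function names and the second listing are constructed for illustration.

```shell
# Listing from the post, after the port 80 and 443 rules were inserted at line 4.
LISTING_PAGE='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     1    --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
5    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
6    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
7    REJECT     0    --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Constructed listing: the port 80 rule was appended, so it sits after the REJECT.
LISTING_APPENDED='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     0    --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
3    REJECT     0    --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
4    ACCEPT     6    --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW'

# Print the number of the first catch-all REJECT/DROP rule read from stdin, or 0.
first_block_rule() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") &&
         $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" && $0 !~ /dpt:/ {
             print $1; found = 1; exit }
         END { if (!found) print 0 }'
}

# Print the number of the first ACCEPT rule for destination port $1, or 0.
port_position() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $2 == "ACCEPT" {
             for (i = 7; i <= NF; i++)
                 if ($i == ("dpt:" p)) { print $1; found = 1; exit } }
         END { if (!found) print 0 }'
}

# Succeed if listing $1 has an ACCEPT for port $2 ahead of the catch-all block rule.
accept_precedes_block() {
    block=$(printf '%s\n' "$1" | first_block_rule)
    pos=$(printf '%s\n' "$1" | port_position "$2")
    [ "$pos" -gt 0 ] && { [ "$block" -eq 0 ] || [ "$pos" -lt "$block" ]; }
}

# On a live host: accept_precedes_block "$(sudo iptables -L INPUT -n --line-numbers)" 443
for port in 80 443; do
    accept_precedes_block "$LISTING_PAGE" "$port" && echo "page listing: $port ok"
done
accept_precedes_block "$LISTING_APPENDED" 80 || echo "appended listing: 80 is shadowed by REJECT"
```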

Wednesday, September 24, 2025

Cisco CUCM Remote RISDC is down or unreachable

Restart these services from the affected node:

  • Cisco RIS Data Collector (From serviceability Network services)
  • Cisco Call Manager Serviceability RTMT (From serviceability Network services)
  • Cisco RTMT Reporter Servlet (From serviceability Network services)
  • Cisco Trace Collection Servlet (From serviceability Network services)
  • Cisco Trace Collection Service (From serviceability Network services)
  • Cisco AMC Service (From serviceability Network services)
  • Cisco SOAP-Real-Time Service APIs (From serviceability Network services)
  • Cisco SOAP-Performance Monitoring APIs (From serviceability Network services)

My experience has been the Cisco AMC Service is the offender.  My ability to monitor the RISDB from RTMT was restored after that restart.

Friday, March 21, 2025

Cisco CUBE troubleshooting commands

# On by default from IOS-XE 17.4.1 and 17.3.2

voice service voip
    trace

show voip trace
    all = don't do this, it is process intensive
    cover-buffers = displays list of calls (cover-buffers)

# to find a call

show voip trace cover-buffer | include <calling or called number>

show voip trace cover-buffer | section <calling or called number>

# to find call detail

show voip trace call-id <call-id>

The results can be digested by https://cway.cisco.com/csa or TranslatorX.  If using CSA, include show run and show version to get additional analysis (dial-peer matches).




Monday, January 06, 2025

Win10 modify environment variables for a different user

Problem:

Working in an environment where administrative access to the local PC was unavailable.  Local admin access was only available temporarily by elevating access with another local account. 

Found I needed to set and later remove a user environment variable SSLKEYLOGFILE.

When opening the System Properties app and then Environment Variables using the local admin credentials, I found that setting and deleting the variable was user-specific: it was being set for the local admin account, which couldn't be used for interactive login.  The variable did not affect the account that I used for normal business.

Fix:

First, I needed to find the SID of my real user:

wmic useraccount where name="my_usual_username" get sid

Then I needed to open the registry editor via regedit.  I was allowed to do this via the local admin account.

I found the user-specific environment variables are held in HKEY_USERS\the_sid_you_were_returned_above\Environment.

From there you can add and delete environment variables for any of the accounts that exist on the PC.


Saturday, December 21, 2024

Using environment variables in Flask vs. Gunicorn

Problem:

I recently built an app that sent mail in Flask / Flask_Mail via smtp.gmail.com.

After moving it to production using nginx and gunicorn rather than the Flask development server, I found the email attempts were rejected by Gmail and the logs stated authentication was required.

I was using the same .env file in production that held the mail credentials and was reading that file the same way with load_dotenv().  After stopping nginx and starting the Flask server in production, I found the mail was sent normally, so there were no firewall or permission issues in production.

Fix:

Create a gunicorn.config.py and load the .env file there. This is the extent of my file:

import os

from dotenv import load_dotenv

# Load the variables from .env into the environment when Gunicorn reads this config file
load_dotenv('.env')