Tuesday, July 21, 2009

Why was Enterprise Manager not reachable on a Linux server?

I was working on a Red Hat Enterprise Linux 5 server when I noticed that Enterprise Manager (the Database Control console, which listens on TCP port 1158 by default) would not come up from my local Windows laptop. The database is hosted on the Red Hat Linux server, and I was trying to reach the console from the laptop. After checking the database logs I was sure the problem was not with the database but with the system.

From the Linux server itself I opened Firefox and tried the same console URL, and it worked. So the problem was a firewall, either on the Windows laptop or on the Linux server. Disabling the Windows firewall made no difference, which confirmed that the Linux firewall was blocking connections to the Enterprise Manager port.

Here are the steps to open one specific port for Enterprise Manager on Linux. The same steps work for any other port.

1) Run /usr/bin/system-config-securitylevel on the Linux server (with DISPLAY set so the GUI can open).
2) Add port 1158 with protocol tcp to the list of allowed ports.
3) Apply, then OK.

Boom! You have just opened one port in the Linux firewall. :-)
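As an added example (not part of the original post), here is the same change done without the GUI, the way you would script it: two POSIX shell functions that take a copy of the saved rules file, check whether a port is already open, and insert the ACCEPT rule immediately above the chain's final REJECT, which is where the GUI puts it too. It runs on a constructed sample of the file so it works offline; the optional third argument restricts the rule to a source network, which the GUI cannot do. The sample file contents, the 192.168.1.0/24 network and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: CLI equivalent of the
# system-config-securitylevel steps, applied to a copy of the saved rules.

# Constructed sample of the "before" /etc/sysconfig/iptables (assumption:
# trimmed to the lines that matter for the insertion logic).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# port_allowed FILE PORT
# Exit status 0 if FILE already has an ACCEPT rule for tcp PORT.
port_allowed() {
    grep -q -- "--dport $2 -j ACCEPT" "$1"
}

# add_port FILE PORT [SOURCE_CIDR]
# Print FILE with a NEW/tcp ACCEPT rule for PORT inserted just above the
# chain's final REJECT, so it is evaluated before traffic is rejected.
# If SOURCE_CIDR is given the rule only matches that network (-s).
add_port() {
    file=$1
    port=$2
    src=${3:-}
    srcopt=""
    if [ -n "$src" ]; then
        srcopt="-s $src "
    fi
    awk -v rule="-A RH-Firewall-1-INPUT ${srcopt}-m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT" '
        /^-A RH-Firewall-1-INPUT -j REJECT/ && !done { print rule; done = 1 }
        { print }
    ' "$file"
}

# Demo on the constructed sample (prints the rewritten file):
#   sample_rules > /tmp/iptables.before
#   add_port /tmp/iptables.before 1158 192.168.1.0/24
```

On the live server the equivalent is `iptables -I RH-Firewall-1-INPUT <n> -m state --state NEW -m tcp -p tcp --dport 1158 -j ACCEPT`, with `<n>` the line number of the REJECT rule as shown by `iptables -L RH-Firewall-1-INPUT -n --line-numbers`, followed by `service iptables save` so the rule survives a restart. Either way, the rule the GUI writes accepts connections to 1158 from any address; the console carries database credentials, so restricting it to the administrators' network with `-s` is the safer choice. Bear in mind that re-running the GUI rewrites the file and would drop that restriction.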

The saved rules before the change. Note that there is no rule for port 1158 yet, and anything not explicitly accepted falls through to the final REJECT:

[root@dbserver ~]# ls -l /etc/sysconfig/iptables ; cat /etc/sysconfig/iptables
-rw------- 1 root root 870 Jun 8 23:54 /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT


To launch the firewall GUI:

[root@dbserver ~]# /usr/bin/system-config-securitylevel &
[1] 15722




Note that applying a change in this tool reloads the firewall and drops all existing connections, including your own SSH session, so you have to reconnect afterwards. Be careful on production boxes!

After logging back in, the saved rules now contain the 1158 rule, inserted just above the final REJECT:

login as: root
root@dbserver's password:
[root@dbserver ~]#
[root@dbserver ~]#
[root@dbserver ~]# ls -l /etc/sysconfig/iptables ; cat /etc/sysconfig/iptables
-rw------- 1 root root 951 Jul 21 13:02 /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1158 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@dbserver ~]#
