Wednesday, December 1, 2021

How to change OCI VCN name using OCI cli?

 From OCI console, user don't have a option to rename a VCN display name. The method to overcome this is to use the OCI cli command. The fastest way is to use the OCI cloud shell as the OCI CLI is already installed by default.


Open up cloud shell and type in

oci network vcn update --vcn-id XXXXXXX --display-name YYYYY

where XXXXXXX is your VCN OCID and YYYYY is the name you want your VCN display name to change to.

Posted by at No comments:

Sunday, November 28, 2021

Enable ping on OCI Ubuntu instance.

 There are 2 parts to do. First is to ensure the ubuntu or any linux OS firewall enable ICMP ping. Ubuntu uses iptables.

1st part: Allow Ping from Outside to Inside

Type in the following commands 
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
Type in the following commands 
ubuntu@ubuntuwp:~$ sudo iptables -L
The output sample is as follow and the yellow highlight are the 2 conditions added.  

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
InstanceServices  all  --  anywhere             link-local/16
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
 

2nd part: Update the security list in the OCI security list.

Create new or edit existing Security List that is within your VCN. Click on "Create Security List". I have created a new Security List named "Allow ping"
 
 
 
 Input the same as the screenshot below for the ingress rule. This is to allow all types of ICMP in the ingress rule.
Click on Save Changes.
Next is very important. Assign this Security List to your desired compartment. In my case is the Wordpress compartment.

Click on the Subnets, then the subnet name you created.

Click on Add Security List


Select the Security List you created. In my case is "Allow ping", then click on Add Security List.

You should now be able to ping to your OCI Ubuntu instance from your workstation.
 
The reason to create a delicated security list for ping is because if you like to disable it, all you need to do is just remove/de-assign it from the VCN's subnet.
 
Have fun.





 
 
 
 
 
Posted by at No comments:
Location: Singapore
Subscribe to: Posts (Atom)