On 2020-08-17 11:45, Robert Moskowitz
wrote:
On 8/16/20 11:42 PM, Ed Greshko wrote:
On 2020-08-17 11:40, Robert Moskowitz wrote:
No I don't
# firewall-cmd --info-zone=libvirt
libvirt (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: virbr0
sources:
services: dhcp dhcpv6 dns ssh tftp
ports:
protocols: icmp ipv6-icmp
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
Well, connections from a QEMU guest come via the virbr0 interface which is in the libvirt zone.
So, you'll need to add that port for ssh to work.
Thanks for leading me to the problem. I will read up on this in the morning and get it working (I know you are half-way around the world from me!).
firewall-cmd --permanent --zone=libvirt --add-port=745/tcp
should be sufficient.
I have dealt with firewall zones on 'real' firewalls. Just never really spent the time on a host config. But until know, the host was always an endpoint.
--
The key to getting good answers is to ask good questions.
The key to getting good answers is to ask good questions.
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
