Re: KVM host question about host firewall

On Wed, Jan 19, 2011 at 12:16 AM, Gordon Messmer <yinyang@xxxxxxxxx> wrote:
> On 01/18/2011 02:21 PM, Kwan Lowe wrote:
>>
>>     Yesterday I was troubleshooting an issue with a KVM host. I was
>> unable to access the DNS service on a KVM virtual machine. After
>> verifying that the vm allowed through the DNS ports (53 on UDP/TCP)
>> and still being unable to access, I was able to connect immediately
>> after allowing those ports on the KVM host.  Is there any way around
>> this?  The reason is that I would like to allow only SSH access to the
>> host, but allow other services to the virtual machines.
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
>
> If you have your networking set up as Red Hat advises, the host's
> firewall will not affect guests.  Those systems will be responsible for
> their own firewalling.


Ahh.. The forward rule did it.  It now blocks everything but SSH to
the kvm host but allows to the virtuals.
From the doc:

# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

Thank you!
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
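
Added example, not part of the original message or the Red Hat document: a shell check that reads iptables-save output and reports whether the physdev ACCEPT rule sits ahead of the first catch-all REJECT/DROP in FORWARD. That is the position -I (insert at the top) gives it, and which -A (append) may not when the chain already ends in a catch-all reject. The function names and both sample rulesets are constructed for illustration.

```shell
# Added example: audit iptables-save output for the FORWARD rule order above.
# Prints ok / shadowed / missing; exit status is 0 only for ok.
check_bridged_forward() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            n++
            if (!accept && /-m physdev/ && /--physdev-is-bridged/ && /-j ACCEPT/)
                accept = n
            # Catch-all rule with no match: "-A FORWARD -j REJECT ..." or "-j DROP"
            if (!block && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
                block = n
        }
        END {
            if (!accept)                 { print "missing";  exit 1 }
            if (block && block < accept) { print "shadowed"; exit 2 }
            print "ok"
        }
    '
}

# Constructed sample: rule added with -I, so it is first in FORWARD.
sample_inserted() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: same rule appended after the catch-all, so never reached.
sample_appended() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
}

sample_inserted | check_bridged_forward          # prints: ok
sample_appended | check_bridged_forward || true  # prints: shadowed
```

On the KVM host itself, run it as root with `iptables-save | check_bridged_forward` after the `service iptables restart` step.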


