
From Maurice Lawler <maurice.law...@me.com>
Subject IPTables Issues
Date Wed, 28 Aug 2013 18:58:51 GMT
Hello folks,

I have a couple of issues with the iptables rules shown below.

1) When enabled, I find that I cannot resolve DNS (i.e. ping google.com) or even run yum update,
etc.

2) When enabled, I am also unable to view the console.

When I disable it, both issues go away.

Please assist.

-Maurice

################################################

[root@cloud ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Fri Aug 16 15:30:37 2013
# mangle table: only the checksum fix-up for guests on libvirt's virbr0.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Fill the UDP checksum on packets to port 68 (DHCP client) leaving via virbr0.
# The rule is listed twice; the second copy is redundant (presumably re-added
# each time the libvirt network is started -- confirm).
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# nat table: no rules, every chain policy ACCEPT (no masquerading in this file).
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# NOTE(review): a "*filter" table header is expected here, before the chain
# declarations below; as pasted, iptables-restore would not accept this file.
# Confirm whether that line was lost when copying the output.
#
# All three built-in chains default to ACCEPT. With INPUT at ACCEPT the
# per-port INPUT rules below permit nothing that is not already permitted;
# they only become meaningful if the INPUT policy is changed to DROP (which
# would then also need a RELATED,ESTABLISHED rule at the top of INPUT).
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Bridge-filter chains for cloudbr0, plus one chain per system VM.
:BF-cloudbr0 - [0:0]
:BF-cloudbr0-IN - [0:0]
:BF-cloudbr0-OUT - [0:0]
:s-1-VM - [0:0]
:v-2-VM - [0:0]
# libvirt's virbr0 services: DHCP (67) and DNS (53) from guests. The same four
# rules appear three times in this chain; the repeats are redundant.
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
# Host-side TCP ports opened on every interface (no -i restriction); these are
# presumably the CloudStack management/agent ports -- confirm against the
# installed version's documentation before relying on this list.
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8250 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
# Hypervisor ports, again on every interface: 49152-49216 (presumably the
# migration range -- confirm), 5900-6100 (VNC consoles), 16509 (libvirtd TCP),
# 22 (ssh). If INPUT is ever switched to DROP, consider restricting the VNC and
# libvirtd rules to the management interface/subnet rather than any source.
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Frames bridged through cloudbr0 are handed to BF-cloudbr0 (once for the
# egress match, once for the ingress match); anything else entering or leaving
# cloudbr0 is dropped. Bridged traffic that BF-cloudbr0 does not ACCEPT also
# falls through to these DROP rules.
-A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
-A FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
-A FORWARD -o cloudbr0 -j DROP
-A FORWARD -i cloudbr0 -j DROP
# libvirt's virbr0 forwarding rules: guest-to-guest allowed, everything else
# rejected. Listed twice; the second triple is redundant.
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
# BF-cloudbr0: accept established/related flows first, dispatch new traffic by
# ingress bridge port, then by egress bridge port, and finally accept whatever
# is leaving the bridge through eth0.
-A BF-cloudbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A BF-cloudbr0 -m physdev --physdev-is-in --physdev-is-bridged -j BF-cloudbr0-IN
-A BF-cloudbr0 -m physdev --physdev-is-out --physdev-is-bridged -j BF-cloudbr0-OUT
-A BF-cloudbr0 -m physdev --physdev-out eth0 --physdev-is-bridged -j ACCEPT
# Per-port dispatch: vnet1-3 belong to s-1-VM, vnet5-6 to v-2-VM.
-A BF-cloudbr0-IN -m physdev --physdev-in vnet1 --physdev-is-bridged -j s-1-VM
-A BF-cloudbr0-IN -m physdev --physdev-in vnet2 --physdev-is-bridged -j s-1-VM
-A BF-cloudbr0-IN -m physdev --physdev-in vnet3 --physdev-is-bridged -j s-1-VM
-A BF-cloudbr0-IN -m physdev --physdev-in vnet5 --physdev-is-bridged -j v-2-VM
-A BF-cloudbr0-IN -m physdev --physdev-in vnet6 --physdev-is-bridged -j v-2-VM
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet1 --physdev-is-bridged -j s-1-VM
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet2 --physdev-is-bridged -j s-1-VM
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet3 --physdev-is-bridged -j s-1-VM
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet5 --physdev-is-bridged -j v-2-VM
-A BF-cloudbr0-OUT -m physdev --physdev-out vnet6 --physdev-is-bridged -j v-2-VM
# Per-VM chains: frames that entered from the VM's own vnet ports RETURN to the
# caller; everything else (i.e. traffic headed towards the VM) is accepted
# unconditionally -- there is no per-VM ingress restriction in this file.
-A s-1-VM -m physdev --physdev-in vnet1 --physdev-is-bridged -j RETURN
-A s-1-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
-A s-1-VM -m physdev --physdev-in vnet3 --physdev-is-bridged -j RETURN
-A s-1-VM -j ACCEPT
-A v-2-VM -m physdev --physdev-in vnet5 --physdev-is-bridged -j RETURN
-A v-2-VM -m physdev --physdev-in vnet6 --physdev-is-bridged -j RETURN
-A v-2-VM -j ACCEPT
COMMIT
# Completed on Fri Aug 16 15:30:37 2013
[root@cloud ~]#

