cloudstack-users mailing list archives

From Jason Pavao <jason.pa...@oracle.com>
Subject Re: IP tables blocking KVM/Console
Date Thu, 18 Apr 2013 15:49:51 GMT
Maurice,
I was having the same issues. I tried a number of iptables rule changes, 
but it seems that whenever a new instance was deployed it would 
overwrite my changes and break things again. My temporary fix is to run 
a cron job every minute that issues a service iptables stop.

It's not elegant, but it works, since I don't have a need for security 
groups and am supporting a Jenkins continuous testing environment with 
no need for network ingress/egress rules.

Does anyone else know why this is happening?

I am running cs 4.0.1 on oel6.3x64

Any help would be appreciated.
Thanks.
-jason

On 4/17/2013 7:47 PM, Maurice Lawler wrote:
> I have stopped iptables at least 15 times, because it keeps blocking 
> my console access to my instances. How can I either A) disable 
> iptables altogether or B) add a rule to allow its access?
>
> Right now, it has this:
>
> [root@lunder ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49216
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:vnc-server:synchronet-db
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:16509
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:websm
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8250
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:empowerid
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
> ACCEPT     all  --  anywhere             anywhere state RELATED,ESTABLISHED
> ACCEPT     icmp --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere state NEW tcp dpt:ssh
> REJECT     all  --  anywhere             anywhere reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@lunder ~]#
>
> But there were plenty of other rules prior to my stopping it.
>
>

-- 
Thanks.
-Jason

