cloudstack-users mailing list archives

From Edison Su <Edison...@citrix.com>
Subject RE: IP tables blocking KVM/Console
Date Fri, 19 Apr 2013 18:15:01 GMT
This rule will reject all the ingress activities: "REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited"
You can try:
iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
to allow console access.

From: Maurice Lawler [mailto:maurice.lawler@me.com]
Sent: Wednesday, April 17, 2013 7:48 PM
To: Cloud Dev
Cc: users@cloudstack.apache.org; users@cloudstack.apache.org
Subject: IP tables blocking KVM/Console

I have stopped iptables at least 15 times, because it keeps blocking my console access to
my instances. How can I either A) disable iptables altogether or B) add a rule to allow its
access?

Right now, it has this:

[root@lunder ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49216
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:vnc-server:synchronet-db
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:16509
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:websm
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8250
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:empowerid
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@lunder ~]#

But there were plenty of other rules prior to my stopping it.
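
Added example (not part of the original messages): a small sh/awk check showing why the suggested rule is inserted with -I rather than appended with -A, since iptables stops at the first matching rule in a chain. The rule lists are constructed samples in `iptables -S INPUT` format, and `first_match` is a hypothetical helper that interprets only -p, --dport, -i, --state/--ctstate and -j.

```shell
#!/bin/sh
# Constructed sample rules in `iptables -S INPUT` format (not from a live host).
BASE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
VNC='-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT'

rules_before()   { printf '%s\n' "$BASE"; }             # no console rule
rules_inserted() { printf '%s\n%s\n' "$VNC" "$BASE"; }  # effect of iptables -I
rules_appended() { printf '%s\n%s\n' "$BASE" "$VNC"; }  # effect of iptables -A

# first_match PORT (hypothetical helper): read rules on stdin and print the
# target of the first rule matching a NEW TCP connection from a remote host
# to PORT, or POLICY if none matches. Only the options listed in the lead-in
# are interpreted; this is a simplification of real iptables matching.
first_match() {
    awk -v port="$1" '
    $1 != "-A" { next }
    {
        proto = "all"; dport = ""; target = ""; iface = ""; state = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-i") iface = $(i+1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i+1)
            else if ($i == "-j") target = $(i+1)
        }
        if (proto != "all" && proto != "tcp") next   # other protocol
        if (iface == "lo") next                      # loopback traffic only
        if (state != "" && state !~ /NEW/) next      # not for new connections
        if (dport != "") {
            n = split(dport, r, ":")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 < lo || port + 0 > hi) next
        }
        if (target ~ /^(ACCEPT|REJECT|DROP)$/) { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY" }'
}

for s in before inserted appended; do
    echo "$s: tcp/5900 -> $("rules_$s" | first_match 5900)"
done
```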
