On Thu, Oct 13, 2016 at 11:13 AM, Gianluca Cecchi <gianluca.cecchi(a)gmail.com
wrote:
Il 13/Ott/2016 11:00, "Piotr Kliczewski"
<pkliczew(a)redhat.com> ha scritto:
>
> Gianluca,
>
> Checking the log it seems that we do not configure firewall:
>
> NETWORK/firewalldEnable=bool:'False'
> NETWORK/iptablesEnable=bool:'False'
>
> Please make sure that you reconfigure your firewall to open 54321 port
or let host deploy to do it for you.
>
> Thanks,
> Piotr
Hi,
at this moment Ihave:
On hypervisor iptables service configured and active.
On engine firewalld service configured and active.
Do I have to open port 54321 on host?
Actually it is already...
root@ovirt01 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 192.168.1.212 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:54321
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:161
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:16514
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 2223
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 5900:6923
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport
dports 49152:49216
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate
RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match
! --physdev-is-bridged reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
[root@ovirt01 ~]#