8:08 p.m.
So, I've finally managed to set up an all-in-one setup on a CentOS box.
Issue is, I can't connect to any running VMs, connecting to the console
works. After some headaches, I've found that VNC just fails, while Spice
says that there is no route to the host. Thinking it was just that it
disregarded /etc/hosts, I setup dnsmasq. Still got issues.
dig shows it resolves, tracepath shows a path and ping gets replies.
(see <http://pastebin.com/raw.php?i=qWy8RnA6>)
Have anyone here had similar issues? How did you do to fix it?
8:14 p.m.
Try disabling firewalld and/or iptables.
On Mar 13, 2014 1:08 PM, "Chloride Cull" <chloride(a)devurandom.net> wrote:
So, I've finally managed to set up an all-in-one setup on a
CentOS box.
Issue is, I can't connect to any running VMs, connecting to the console
works. After some headaches, I've found that VNC just fails, while Spice
says that there is no route to the host. Thinking it was just that it
disregarded /etc/hosts, I setup dnsmasq. Still got issues.
dig shows it resolves, tracepath shows a path and ping gets replies.
(see <http://pastebin.com/raw.php?i=qWy8RnA6>)
Have anyone here had similar issues? How did you do to fix it?
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
11 p.m.
Ah, yes, forgot about iptables. I added ACCEPT for 5000-5010 and it
seems to work. Thanks.
On 2014-03-13 18:14, Bob Doolittle wrote:
Try disabling firewalld and/or iptables.
On Mar 13, 2014 1:08 PM, "Chloride Cull" <chloride(a)devurandom.net>
wrote:
> So, I've finally managed to set up an all-in-one setup on a CentOS box.
> Issue is, I can't connect to any running VMs, connecting to the console
> works. After some headaches, I've found that VNC just fails, while Spice
> says that there is no route to the host. Thinking it was just that it
> disregarded /etc/hosts, I setup dnsmasq. Still got issues.
>
> dig shows it resolves, tracepath shows a path and ping gets replies.
> (see <http://pastebin.com/raw.php?i=qWy8RnA6>)
>
> Have anyone here had similar issues? How did you do to fix it?
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
1:05 p.m.
Il 13/03/2014 21:00, Chloride Cull ha scritto:
Ah, yes, forgot about iptables. I added ACCEPT for 5000-5010 and it
seems to work. Thanks.
can you tell why 5000-5010 port range?
After a clean AIO setup that range is not open:
# Generated by iptables-save v1.4.18 on Fri Mar 14 11:01:52 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37952:11472658]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900:6923 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Mar 14 11:01:52 2014
We can add that range to AIO setup, just want to understand why it's needed.
On 2014-03-13 18:14, Bob Doolittle wrote:
> Try disabling firewalld and/or iptables.
> On Mar 13, 2014 1:08 PM, "Chloride Cull" <chloride(a)devurandom.net>
wrote:
>
>> So, I've finally managed to set up an all-in-one setup on a CentOS box.
>> Issue is, I can't connect to any running VMs, connecting to the console
>> works. After some headaches, I've found that VNC just fails, while Spice
>> says that there is no route to the host. Thinking it was just that it
>> disregarded /etc/hosts, I setup dnsmasq. Still got issues.
>>
>> dig shows it resolves, tracepath shows a path and ping gets replies.
>> (see <http://pastebin.com/raw.php?i=qWy8RnA6>)
>>
>> Have anyone here had similar issues? How did you do to fix it?
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
3906
days inactive
3907
days old
3 comments
3 participants
participants (3)
-
Bob Doolittle -
Chloride Cull -
Sandro Bonazzola