[Users] Can't connect to any console

Sandro Bonazzola sbonazzo at redhat.com
Fri Mar 14 10:05:14 UTC 2014


On 13/03/2014 21:00, Chloride Cull wrote:
> Ah, yes, forgot about iptables. I added ACCEPT for 5000-5010 and it
> seems to work. Thanks.

Can you tell why the 5000-5010 port range?
After a clean AIO setup that range is not open:

# Generated by iptables-save v1.4.18 on Fri Mar 14 11:01:52 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [37952:11472658]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5432 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900:6923 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Mar 14 11:01:52 2014

We can add that range to AIO setup, just want to understand why it's needed.

> 
> On 2014-03-13 18:14, Bob Doolittle wrote:
>> Try disabling firewalld and/or iptables.
>> On Mar 13, 2014 1:08 PM, "Chloride Cull" <chloride at devurandom.net> wrote:
>>
>>> So, I've finally managed to set up an all-in-one setup on a CentOS box.
>>> Issue is, I can't connect to any running VMs, connecting to the console
>>> works. After some headaches, I've found that VNC just fails, while Spice
>>> says that there is no route to the host. Thinking it was just that it
>>> disregarded /etc/hosts, I set up dnsmasq. Still got issues.
>>>
>>> dig shows it resolves, tracepath shows a path and ping gets replies.
>>> (see <http://pastebin.com/raw.php?i=qWy8RnA6>)
>>>
>>> Has anyone here had similar issues? What did you do to fix it?
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>
> 


-- 
Sandro Bonazzola
Better technology. Faster innovation. Powered by community collaboration.
See how it works at redhat.com
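
An added example, not part of the original message or of oVirt's setup code: a small Python check that walks the INPUT rules of an iptables-save dump and reports the ports on which a new inbound connection would not be accepted, shown here for 5000-5010. The function names and the embedded sample (a subset of the rules quoted above) are constructed for illustration.

```python
# Constructed sample: a subset of the INPUT rules quoted in the message above.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900:6923 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(line):
    """Return the option -> value map of an '-A INPUT' rule, or None for other lines."""
    tok = line.split()
    if tok[:2] != ["-A", "INPUT"]:
        return None
    return {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}

def verdict(rules_text, proto, port):
    """Target hit by a NEW connection to proto/port arriving on a non-loopback interface.

    Assumption: only -i lo, -p, --state and --dport matches are modelled; negation,
    address matches, multiport and jumps to user-defined chains are not.
    """
    policy = "ACCEPT"
    for line in rules_text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # chain default, used if no rule matches
        opts = parse_rule(line)
        if opts is None or opts.get("-i") == "lo":
            continue
        if opts.get("-p", proto) != proto:
            continue
        if "NEW" not in opts.get("--state", "NEW").split(","):
            continue
        if "--dport" in opts:
            lo, _, hi = opts["--dport"].partition(":")
            if not int(lo) <= port <= int(hi or lo):
                continue
        return opts["-j"]                     # first matching rule decides
    return policy

def blocked_ports(rules_text, proto, ports):
    """Ports from `ports` that the rule set does not ACCEPT for new connections."""
    return [p for p in ports if verdict(rules_text, proto, p) != "ACCEPT"]

if __name__ == "__main__":
    print("blocked tcp ports:", blocked_ports(SAMPLE, "tcp", range(5000, 5011)))
```

Feeding it the full output of `iptables-save` instead of `SAMPLE` gives the same answer for the rule set in this message, since none of the quoted rules covers 5000-5010.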


