I've tried it with them disabled (iptables rules get written) and enabled (the same issue).

The cron job seemed to do the trick, until someone just suggested trying:

  iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT

That's not working, so I am going back to my cron job!

- Maurice


On Apr 19, 2013, at 02:08 PM, Edison Su <edison...@citrix.com> wrote:



> -----Original Message-----
> From: Jason Pavao [mailto:jason.pa...@oracle.com]
> Sent: Thursday, April 18, 2013 8:50 AM
> To: dev@cloudstack.apache.org
> Cc: Maurice Lawler; us...@cloudstack.apache.org
> Subject: Re: IP tables blocking KVM/Console
>
> Maurice,
> I was having the same issues, I tried a number of iptables rule changes, but it
> seems that whenever a new instance was deployed it would overwrite my
> changes and break things again. My temporary fix is to run a cron job that
> runs every minute that issues a service iptables stop.

Do you disable security groups when creating the zone? If security groups are disabled, then there should be no iptables rules created on the KVM host when a new instance is created.

>
> It's not elegant, but it works since I don't have a need for security groups and
> am supporting a Jenkins continuous testing environment with no need for
> network ingress/egress rules.
>
> Does anyone else know why this is happening?
>
> I am running cs 4.0.1 on oel6.3x64
>
> Any help would be appreciated.
> Thanks.
> -jason
>
> On 4/17/2013 7:47 PM, Maurice Lawler wrote:
> > I have stopped iptables at least 15 times, because it keeps blocking
> > my console access to my instances. How can I either a) disable
> > iptables altogether, or b) add a rule to allow its access?
> >
> > Right now, it has this:
> >
> > [root@lunder ~]# iptables -L
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49216
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:vnc-server:synchronet-db
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:16509
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:websm
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8250
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:empowerid
> > ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
> > ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> > ACCEPT     icmp --  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere
> > ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
> >
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target     prot opt source               destination
> > [root@lunder ~]#
> >
> > But there were plenty of other rules prior to my stopping it.
> >
> >
>
> --
> Thanks.
> -Jason

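An added example, not code from this thread or from CloudStack, showing what option b) in Maurice's original question looks like as a replacement for the `service iptables stop` cron job: a small POSIX sh script that inserts the VNC console rule only when it is missing or ineffective. Stopping iptables every minute also drops the REJECT catch-all, so every listening service on the KVM host becomes reachable, not just the console. The script reads `iptables -S INPUT` (which, unlike `iptables -L` without `-v`, shows the in-interface on lines such as the `ACCEPT all anywhere anywhere` entry above), uses `-I` rather than `-A` because an appended rule would sit below the REJECT catch-all and never match, and checks rule order so it can run from cron without adding a duplicate each minute. The port range 5900:6100 is taken from the rule quoted above; the sample rulesets are constructed, not captured from the hosts in the thread.

```shell
#!/bin/sh
# Added example, not code from this thread or from CloudStack.
# Replaces the "service iptables stop" cron job with an idempotent check:
# insert the VNC console rule only when it is missing or sits below the
# REJECT catch-all, so the host firewall stays up. Assumption: the console
# proxy reaches the KVM host on tcp/5900-6100, the range in the rule above.

VNC_RULE='-p tcp -m tcp --dport 5900:6100 -j ACCEPT'

# Constructed sample rulesets in `iptables -S INPUT` form (not captured from
# the hosts in the thread). The first loosely follows the listing quoted
# above; `iptables -S` prints the interface and match details that
# `iptables -L` without -v hides.
SAMPLE_OK='-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# The -A trap: the rule exists but was appended after the REJECT, so it
# never matches and the console still fails.
SAMPLE_TOO_LATE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT'

SAMPLE_MISSING='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# vnc_rule_index RULESET
#   Prints the 1-based position of the VNC ACCEPT rule among the chain's
#   -A lines (the number `iptables -D INPUT N` would use); prints nothing
#   when the rule is absent.
vnc_rule_index() {
    printf '%s\n' "$1" | grep '^-A INPUT ' \
        | grep -n -x -F -- "-A INPUT $VNC_RULE" | cut -d: -f1 | head -n 1
}

# reject_index RULESET
#   Prints the position of the first REJECT rule in INPUT, or nothing.
reject_index() {
    printf '%s\n' "$1" | grep '^-A INPUT ' \
        | grep -n -- '-j REJECT' | cut -d: -f1 | head -n 1
}

# vnc_rule_effective RULESET
#   Returns 0 only if the VNC rule exists and precedes any REJECT, i.e. it
#   can actually match console traffic; returns 1 otherwise.
vnc_rule_effective() {
    v=$(vnc_rule_index "$1")
    r=$(reject_index "$1")
    [ -n "$v" ] || return 1
    [ -z "$r" ] || [ "$v" -lt "$r" ]
}

# ensure_vnc_rule
#   Run as root (e.g. from cron): inserts at position 1, ahead of the
#   REJECT, and only when needed, so the chain does not grow every minute.
#   Follow with `service iptables save` on RHEL/OEL 6 to persist the rule
#   across a restart of the iptables service.
ensure_vnc_rule() {
    if vnc_rule_effective "$(iptables -S INPUT)"; then
        echo "VNC console rule already effective"
    else
        # VNC_RULE is intentionally unquoted so it word-splits into arguments
        iptables -I INPUT 1 $VNC_RULE && echo "inserted VNC console rule"
    fi
}
```

Usage: source the file or add `ensure_vnc_rule` as its last line and run it from the same cron entry that currently runs `service iptables stop`. If CloudStack is re-writing the chain on every deploy as Jason describes, the check will re-insert the rule without disturbing the rest of the firewall.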