What do you see in :
On Fri, Apr 19, 2013 at 2:17 PM, Maurice Lawler <maurice.law...@me.com> wrote:

> I've tried it with them disabled (iptables get written) and enabled (the
> same issue)
>
> The cron job seemed to do the trick, until someone just mentioned to try:
>
> iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
>
> That's not working, so I am going back to my cronjob!
>
> - Maurice
>
>
> On Apr 19, 2013, at 02:08 PM, Edison Su <edison...@citrix.com> wrote:
>
> > -----Original Message-----
> > From: Jason Pavao [mailto:jason.pa...@oracle.com]
> > Sent: Thursday, April 18, 2013 8:50 AM
> > To: dev@cloudstack.apache.org
> > Cc: Maurice Lawler; us...@cloudstack.apache.org
> > Subject: Re: IP tables blocking KVM/Console
> >
> > Maurice,
> > I was having the same issues, I tried a number of iptables rule changes, but it
> > seems that whenever a new instance was deployed it would overwrite my
> > changes and break things again. My temporary fix is to run a cron job that
> > runs every minute that issues a service iptables stop.
>
> Do you disable security group when creating the zone? If security group is
> disabled, then there should be no iptables rules created on kvm host when a
> new instance is created.
>
> >
> > It's not elegant but it works since I don't have a need for security groups and
> > am supporting a jenkins continuous testing environment with no need for
> > network ingress/egress rules.
> >
> > Does anyone else know why this is happening?
> >
> > I am running cs 4.0.1 on oel6.3x64
> >
> > Any help would be appreciated.
> > Thanks.
> > -jason
> >
> > On 4/17/2013 7:47 PM, Maurice Lawler wrote:
> > > I have stopped iptables at least 15 times, because it keeps blocking
> > > my console access to my instances. How can I either A) disable
> > > iptables altogether / B) add a rule to allow its access.
> > >
> > > Right now, it has this:
> > >
> > > [root@lunder ~]# iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source     destination
> > > ACCEPT     udp  --  anywhere   anywhere     udp dpt:bootps
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:bootps
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpts:49152:49216
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpts:vnc-server:synchronet-db
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:16509
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:websm
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:8250
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:empowerid
> > > ACCEPT     tcp  --  anywhere   anywhere     tcp dpt:webcache
> > > ACCEPT     all  --  anywhere   anywhere     state RELATED,ESTABLISHED
> > > ACCEPT     icmp --  anywhere   anywhere
> > > ACCEPT     all  --  anywhere   anywhere
> > > ACCEPT     tcp  --  anywhere   anywhere     state NEW tcp dpt:ssh
> > > REJECT     all  --  anywhere   anywhere     reject-with icmp-host-prohibited
> > >
> > > Chain FORWARD (policy ACCEPT)
> > > target     prot opt source     destination
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source     destination
> > > [root@lunder ~]#
> > >
> > > But there was plenty of other rules previously to my stopping it.
> > >
> >
> > --
> > Thanks.
> > -Jason
> >