Hi Gianluca, Here is my testbed setup:
Browser (firefox 24.2.0) ovirt-engine (3.3.2) host (ovirt-node) 10.10.2.143 ------------------- eth0: 10.10.36.103 eth1: 169.254.11.13 ------------------- 169.254.103.2 (I stopped iptables in testing) Which log files are needed to examine what's wrong? ----- Original Message ----- > From: Gianluca Cecchi <gianluca.cec...@gmail.com> > To: David Li <david...@sbcglobal.net> > Cc: "users@ovirt.org" <users@ovirt.org>; "dj...@redhat.com" <dj...@redhat.com> > Sent: Friday, January 24, 2014 2:25 PM > Subject: Re: [Users] Spice-proxy questions > > On Fri, Jan 24, 2014 at 8:45 PM, David Li wrote: >> David >> >> I set up the squid proxy on the same machine as ovirt-engine. I have this > in squid.conf: >> >> >> >> ------------------- >> acl localhost src 10.10.2.143/32 # for the machine running the browser >> >> >> #safe ports >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports <---------- will > this allow connections to spice port range (5900-6144 IIRC).??? >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> >> >> >> # Squid normally listens to port 3128 >> http_port 3128 >> >> # Deny requests to certain unsafe ports >> http_access deny !Safe_ports >> >> ------------------------- >> >> and set my SpiceProxyDefault=http://10.10.2.143:3128 >> >> >> >> So far, this is still not working. The Spice popup window still fails to > connect to the graphics server and html5 browser window remains blank. >> Are there any log files that can be used to debug this? >> >> Thanks. >> >> > > There is something I don't understand or that you are doing incorrectly. > > From what you write it seems that: > > - your engine has ip 10.10.2.143 > > - From which ip do you run your browser? > > - Can this ip connect to engine on port 3128? Perhaps your engine > setup already configured iptables (or firewalld) and it is blocking > you? > You can easily verify at runtime by putting this line on engine: > > iptables -I INPUT -s xxx.yyy.www.zzz -j ACCEPT > where xxx.yyy.www.zzz is the ip of the client from where you run the browser > so that you put this accept rule on top of INPUT chain and retry to > connect to VM console > > - Which ip have the hosts where VMs are running? > - Is engine (so your proxy in your configuration) capable to reach ip > of your hosts on spice ports (5900-..)? > > ALso see my previous thread here: > http://lists.ovirt.org/pipermail/users/2013-December/018554.html > > and the useful answers. > > I cannot test your config, because I have no control on my network and > network admins only allow 80 and 443 so that they are already taken by > engine itself and I can't test putting the proxy on engine itself... > > HIH anyway, > Gianluca > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users