On Tue, 2011-01-18 at 17:21 -0500, Kwan Lowe wrote:
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine. After verifying that the VM allowed through the DNS ports (53 on UDP/TCP) and still being unable to access, I was able to connect immediately after allowing those ports on the KVM host. Is there any way around this? The reason is that I would like to allow only SSH access to the host, but allow other services to the virtual machines.
I just disable iptables on the host. Maybe that's not the best solution for your particular situation, but in mine, it works fine.
I use TCP wrappers to allow SSH access to only those I deem worthy, and we have external firewalls in place as well (I lock down our boxes in other ways, as well).
I haven't seen the need to put in a host based firewall...yet, anyway.
Regards,
Ranbir