On Wed, Jan 19, 2011 at 12:16 AM, Gordon Messmer yinyang@eburg.com wrote:
On 01/18/2011 02:21 PM, Kwan Lowe wrote:
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine. After verifying that the VM allowed the DNS ports (53 on UDP/TCP) through, and still being unable to access it, I was able to connect immediately after allowing those ports on the KVM host. Is there any way around this? The reason is that I would like to allow only SSH access to the host, but allow other services to the virtual machines.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualiza...
If you have your networking set up as Red Hat advises, the host's firewall will not affect guests. Those systems will be responsible for their own firewalling.
Ahh.. The forward rule did it. It now blocks everything but SSH to the KVM host but allows it to the virtuals.
From the doc:
# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart
Thank you!
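The fix in the thread relies on rule order: `-I FORWARD` inserts the bridged-traffic ACCEPT at the head of the FORWARD chain, ahead of the REJECT that the stock RHEL/CentOS 5 ruleset ends the chain with, while INPUT on the host still only admits SSH. The following script is an added example, not part of the mailing-list message or the Red Hat document it cites: it reads an `iptables-save` style dump and checks both halves of that outcome. The two dumps embedded in it are constructed for the example; the function names `forward_rule_ok` and `input_open_ports` are this example's own.

```shell
#!/bin/sh
# Added example: verify an iptables-save dump implements "SSH only to the host,
# everything bridged to the guests is forwarded". Not code from the thread.

# Constructed sample: what iptables-save prints after the thread's
# `iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT`.
SAMPLE_GOOD='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample of the common mistake: the same rule added with -A,
# which lands after the REJECT and therefore never matches.
SAMPLE_BAD='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT'

# forward_rule_ok: read a dump on stdin; exit 0 only if an ACCEPT matching
# --physdev-is-bridged appears in FORWARD before any REJECT/DROP in that chain.
forward_rule_ok() {
    awk '
        /^-A FORWARD / {
            if ($0 ~ /--physdev-is-bridged/ && $0 ~ /-j ACCEPT/) { ok = 1; exit }
            if ($0 ~ /-j (REJECT|DROP)/) { exit }
        }
        END { exit ok ? 0 : 1 }
    '
}

# input_open_ports: read a dump on stdin; print each --dport that INPUT
# ACCEPTs before its first REJECT/DROP, one per line. For the thread's goal
# the only port printed should be 22.
input_open_ports() {
    awk '
        /^-A INPUT / {
            if ($0 ~ /-j (REJECT|DROP)/) exit
            if ($0 ~ /-j ACCEPT/ && match($0, /--dport [0-9]+/))
                print substr($0, RSTART + 8, RLENGTH - 8)
        }
    '
}

# Stand-alone run: report on both constructed dumps.
for name in SAMPLE_GOOD SAMPLE_BAD; do
    eval "dump=\$$name"
    if printf '%s\n' "$dump" | forward_rule_ok; then
        echo "$name: bridged traffic is forwarded to guests"
    else
        echo "$name: bridged traffic is still blocked by the host"
    fi
    echo "$name: host INPUT accepts ports: $(printf '%s\n' "$dump" | input_open_ports | tr '\n' ' ')"
done
```

Against a live host the same functions can be fed with `iptables-save | forward_rule_ok`. The check only covers ordering within the filter table; as Gordon notes, once the host stops filtering bridged frames, each guest's own firewall is what decides which of its services are reachable.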