Hello All: I'll ask this in the virt list later if this is not the appropriate forum...
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine. After verifying that the VM allowed the DNS ports (53 on UDP/TCP) through and still being unable to access it, I was able to connect immediately after allowing those ports on the KVM host. Is there any way around this? The reason is that I would like to allow only SSH access to the host, but allow other services to the virtual machines.
I am running CentOS 5.5 on both the host and the VM.
Thanks, Kwan
On 19/01/11 11:21, Kwan Lowe wrote:
Hello All: I'll ask this in the virt list later if this is not the appropriate forum...
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine.
From where? Another VM, the host or from outside the host?
On Tue, Jan 18, 2011 at 9:47 PM, Cameron Kerr cameron@humbledown.org wrote:
On 19/01/11 11:21, Kwan Lowe wrote:
Hello All: I'll ask this in the virt list later if this is not the appropriate forum...
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine.
From where? Another VM, the host or from outside the host?
The DNS service was running on a different host...
On 01/18/2011 02:21 PM, Kwan Lowe wrote:
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine. After verifying that the VM allowed the DNS ports (53 on UDP/TCP) through and still being unable to access it, I was able to connect immediately after allowing those ports on the KVM host. Is there any way around this? The reason is that I would like to allow only SSH access to the host, but allow other services to the virtual machines.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualiza...
If you have your networking set up as Red Hat advises, the host's firewall will not affect guests. Those systems will be responsible for their own firewalling.
On Wed, Jan 19, 2011 at 12:16 AM, Gordon Messmer yinyang@eburg.com wrote:
On 01/18/2011 02:21 PM, Kwan Lowe wrote:
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine. After verifying that the VM allowed the DNS ports (53 on UDP/TCP) through and still being unable to access it, I was able to connect immediately after allowing those ports on the KVM host. Is there any way around this? The reason is that I would like to allow only SSH access to the host, but allow other services to the virtual machines.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualiza...
If you have your networking set up as Red Hat advises, the host's firewall will not affect guests. Those systems will be responsible for their own firewalling.
Ahh.. The FORWARD rule did it. It now blocks everything but SSH to the KVM host but allows it to the virtuals.
From the doc:
# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart
Thank you!
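Putting the rule from the doc into a complete host ruleset, as an added example that is not from the thread or from the Red Hat document: the INPUT chain (packets for the host's own stack) accepts only SSH, while the FORWARD chain, which bridged guest frames also traverse as long as /proc/sys/net/bridge/bridge-nf-call-iptables is 1, gets the physdev match inserted at position 1 so nothing after it can block guests. The script name, the IPT and DRY_RUN variables, and the function names are assumptions for this example; running it with the "apply" argument needs root.

```shell
#!/bin/sh
# Added example (not from the thread or the Red Hat doc): host firewall
# for a KVM host whose guests sit on a Linux bridge.  Policy: the host
# itself answers only SSH; frames bridged between guests and the outside
# pass the FORWARD chain untouched, so each guest must filter for itself.
# IPT and DRY_RUN are assumed names used only by this script.
set -e

IPT="${IPT:-iptables}"     # path to iptables
DRY_RUN="${DRY_RUN:-0}"    # 1 = print the commands instead of running them

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# Bridged traffic only traverses iptables while this sysctl is 1 (the
# default once the bridge module is loaded); prints "unknown" when the
# file is absent, i.e. no bridge module loaded on this box.
bridge_nf_state() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

host_firewall() {
    # INPUT: packets addressed to the host's own stack.  Only SSH is new.
    ipt -F INPUT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    ipt -A INPUT -j REJECT --reject-with icmp-host-prohibited
    ipt -P INPUT DROP

    # FORWARD: bridged guest traffic lands here too.  The physdev match
    # goes in at position 1 so no later rule can block guests; the host
    # deliberately does not filter them (they run their own rules).
    ipt -F FORWARD
    ipt -I FORWARD 1 -m physdev --physdev-is-bridged -j ACCEPT
    ipt -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    ipt -P FORWARD DROP
}

case "${1:-}" in
    apply)   host_firewall ;;
    dry-run) DRY_RUN=1; host_firewall ;;
    check)   bridge_nf_state ;;
esac
```

Run it as `sh kvm-host-fw.sh dry-run` to see the exact iptables commands without touching anything, `sh kvm-host-fw.sh check` to confirm bridged frames are in fact hitting iptables (a 0 there means the FORWARD rule is never consulted for guest traffic), and `apply` as root, followed by `service iptables save` as in the doc so the rules survive a restart. The caveat is the one Gordon's reply makes: with this ACCEPT at the top of FORWARD the host offers the guests no protection at all, so each VM has to carry its own ruleset.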
On Tue, 2011-01-18 at 17:21 -0500, Kwan Lowe wrote:
Yesterday I was troubleshooting an issue with a KVM host. I was unable to access the DNS service on a KVM virtual machine. After verifying that the VM allowed the DNS ports (53 on UDP/TCP) through and still being unable to access it, I was able to connect immediately after allowing those ports on the KVM host. Is there any way around this? The reason is that I would like to allow only SSH access to the host, but allow other services to the virtual machines.
I just disable iptables on the host. Maybe that's not the best solution for your particular situation, but in mine, it works fine.
I use TCP wrappers to allow SSH access to only those I deem worthy, and we have external firewalls in place as well (I lock down our boxes in other ways, as well).
I haven't seen the need to put in a host based firewall...yet, anyway.
Regards,
Ranbir