On Wed, Jan 19, 2011 at 12:16 AM, Gordon Messmer <yinyang at eburg.com> wrote:
> On 01/18/2011 02:21 PM, Kwan Lowe wrote:
>>
>> Yesterday I was troubleshooting an issue with a KVM host. I was
>> unable to access the DNS service on a KVM virtual machine. After
>> verifying that the vm allowed through the DNS ports (53 on UDP/TCP)
>> and still being unable to access, I was able to connect immediately
>> after allowing those ports on the KVM host. Is there any way around
>> this? The reason is that I would like to allow only SSH access to the
>> host, but allow other services to the virtual machines.
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
>
> If you have your networking set up as Red Hat advises, the host's
> firewall will not affect guests. Those systems will be responsible for
> their own firewalling.

Ahh.. The forward rule did it. It now blocks everything but SSH to the
kvm host but allows to the virtuals.

From the doc:

# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

Thank you!
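The rule from the doc works because it is inserted with `-I`, which puts it at the top of the FORWARD chain, ahead of the REJECT rule a stock CentOS ruleset ends with; the same rule appended with `-A` would sit behind that REJECT and never match, and guest traffic would still be blocked by the host. The check below is an added example, not part of this thread or of the Red Hat doc: it takes the output of `iptables -S FORWARD` (two listings constructed here, one with the rule inserted correctly and one with it appended after the REJECT) and reports whether the bridged ACCEPT exists and precedes any REJECT or DROP. Once the rule is in place the host no longer filters what reaches the guests, so each VM needs its own firewall, as Gordon noted.

```shell
#!/bin/sh
# Constructed sample of `iptables -S FORWARD` on a KVM host after
# `iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT`:
# the -I puts the rule first, ahead of the default REJECT.
SAMPLE_GOOD='-P FORWARD ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample of the same rule added with -A instead of -I:
# it lands after the REJECT and is never reached for bridged guest traffic.
SAMPLE_BAD='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

# Print the 1-based position (policy line excluded) of the first rule that
# accepts bridged traffic, or nothing if no such rule exists.
bridged_rule_position() {
    printf '%s\n' "$1" | grep -v '^-P ' \
        | grep -n -e '--physdev-is-bridged.*-j ACCEPT' | head -n 1 | cut -d: -f1
}

# Print the position of the first REJECT or DROP rule, or nothing if none.
first_reject_position() {
    printf '%s\n' "$1" | grep -v '^-P ' \
        | grep -n -e '-j REJECT' -e '-j DROP' | head -n 1 | cut -d: -f1
}

# Return 0 when the bridged ACCEPT is present and sits before any
# REJECT/DROP rule (so it actually takes effect), 1 otherwise.
check_forward_chain() {
    acc=$(bridged_rule_position "$1")
    rej=$(first_reject_position "$1")
    [ -n "$acc" ] || return 1
    [ -z "$rej" ] && return 0
    [ "$acc" -lt "$rej" ]
}

# Stand-alone run: on a real host feed it "$(iptables -S FORWARD)" instead.
if check_forward_chain "$SAMPLE_GOOD"; then
    echo "SAMPLE_GOOD: bridged ACCEPT is effective"
fi
if ! check_forward_chain "$SAMPLE_BAD"; then
    echo "SAMPLE_BAD: bridged ACCEPT is shadowed by an earlier REJECT"
fi
```

On a live host, run `check_forward_chain "$(iptables -S FORWARD)"` after `service iptables restart` to confirm the saved ruleset kept the rule at the top.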