[CentOS] KVM host question about host firewall

Wed Jan 19 20:42:38 UTC 2011
Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca>

On Tue, 2011-01-18 at 17:21 -0500, Kwan Lowe wrote:
>    Yesterday I was troubleshooting an issue with a KVM host. I was
> unable to access the DNS service on a KVM virtual machine. After
> verifying that the vm allowed through the DNS ports (53 on UDP/TCP)
> and still being unable to access, I was able to connect immediately
> after allowing those ports on the KVM host.  Is there anyway around
> this?  The reason is that I would like to allow only SSH access to the
> host, but allow other services to the virtual machines.

I just disable iptables on the host.  Maybe that's not the best solution
for your particular situation, but in mine, it works fine.

I use tcp wrappers to allow ssh access to only those I deem worthy, and
we have external firewalls in place as well (I lock down our boxes in
other ways, as well).  

I haven't seen the need to put in a host based firewall...yet, anyway.



Kanwar Ranbir Sandhu
Linux x86_64 GNU/Linux 
15:39:12 up 9 days, 21:23, 3 users, load average: 0.03, 0.07, 0.02