Barry,

(1)
guest1# iptables -L FORWARD -n
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

guest2# iptables -L FORWARD -n
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

(2) The following is the output of "iptables -L". The iptables output was the same for guest1 and guest2:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Thanks.

-------------- Original message ----------------------
From: Barry Brimer <[EMAIL PROTECTED]>

> What is the output with the firewall running of "iptables -L FORWARD -n"
> ?? I am wondering if you are getting something dropped somehow in the
> FORWARD chain.
>
> On Fri, 7 Mar 2008 [EMAIL PROTECTED] wrote:
>
> > Hi,
> >
> > I have installed two para-virtualized guests on a RHEL 5.1 host. I met an
> > issue of connection between each guest:
> >
> > (1) Yes. Each guest could ping each other;
> >
> > (2) No. Each guest couldn't SSH each other even I opened the SSH 22 port:
> > # iptables -L
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> >
> > (3) No. Each guest also couldn't telnet each other:
> > guest1# telnet guest2
> > Trying 198.17.34.12...
> > telnet: connect to address 198.17.34.12: No route to host
> > telnet: Unable to connect to remote host: No route to host
> >
> > (4) If I stopped the iptables on the both guests, then I could SSH or telnet
> > between guests.
> >
> > Did anyone know how to set the iptables rules on the para-virtualized host or
> > guests to resolve it?
> >
> > Thanks,
> > Winty
> >
> > _______________________________________________
> > rhelv5-list mailing list
> > [email protected]
> > https://www.redhat.com/mailman/listinfo/rhelv5-list
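
Added example, not part of the original thread: a first-match walk over the RH-Firewall-1-INPUT chain posted above, for a new connection from one guest to the other. It shows the telnet attempt (port 23) falling through to the final REJECT, whose icmp-host-prohibited reply is what a client reports as "No route to host", while port 22 matches the ssh ACCEPT rule, so this listing alone does not account for the SSH failure. The helper names, the service-to-port table and the handling of the bare "ACCEPT all" rule are assumptions of this example.

```python
import re

# The RH-Firewall-1-INPUT chain as posted in the thread (plain `iptables -L`).
LISTING = """\
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*--\s+(\S+)\s+(\S+)\s*(.*)$")
SERVICES = {"ssh": 22, "http": 80, "ipp": 631}  # names iptables printed instead of numbers

def parse(listing):
    """Turn each listing line into (target, proto, destination, match text)."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if m:
            target, proto, _src, dst, extra = m.groups()
            rules.append((target, proto, dst, extra.strip()))
    return rules

def verdict(rules, proto, dport=None, skip_bare_accept=True):
    """Return (rule number, target, match text) of the first rule that matches
    a NEW unicast packet. skip_bare_accept is an assumption: a rule listed as
    'ACCEPT all' with no match text usually carries an interface match (such as
    -i lo) that plain -L hides; `iptables -L -n -v` shows it."""
    for n, (target, rproto, dst, extra) in enumerate(rules, 1):
        if rproto not in ("all", proto) or dst != "anywhere":
            continue
        if skip_bare_accept and target == "ACCEPT" and rproto == "all" and not extra:
            continue
        state = re.search(r"state (\S+)", extra)
        if state and "NEW" not in state.group(1).split(","):
            continue
        dpt = re.search(r"dpt:(\S+)", extra)
        if dpt:
            name = dpt.group(1)
            if (int(name) if name.isdigit() else SERVICES.get(name)) != dport:
                continue
        return n, target, extra
    return None, "chain policy", ""

if __name__ == "__main__":
    for label, proto, port in (("ping", "icmp", None), ("ssh", "tcp", 22), ("telnet", "tcp", 23)):
        print(label, verdict(parse(LISTING), proto, port))
```

With skip_bare_accept=False every packet stops at rule 1, which is why a plain `iptables -L` listing should be read alongside the `-v` output before drawing conclusions from rule order.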
