Hi all,

I'm installing a new SL7 box running a KVM host and several guests. I established a bridge br0 attached to eth0 for external access for host and all guests and use virbr0 as an internal connection between guests and host to access protected resources (e.g. a tomcat application server). Everything works fine so far.

I tried to assign the internal network devices (eth1 on guests, virbr0 on host) to the trusted zones using

    # firewall-cmd --permanent --zone=public --remove-interface=eth1
    # firewall-cmd --permanent --zone=trusted --add-interface=eth1
    # firewall-cmd --reload

but it doesn't work, eth1 is always in public zone after reload. If I omit the --permanent option I can successfully modify the running firewall. But after a reload or a reboot the modification is lost.

I found an entry at https://bugs.centos.org/view.php?id=7526 saying that it is a bug and SL7 might be affected as well. I found a workaround as well. You can add ZONE=trusted to the /etc/sysconfig/network-scripts/ifcfg-eth1 file and eth1 is added to the trusted zone on reboot and firewall reload.

There is no ifcfg-virbr0 file, of course. I found information (Fedora) that you may add fwzone='trusted' using virsh net-edit, but on save it is deleted in SL7.

My question is: Does anyone know how to accomplish it for virbr0 in SL7?

Thanks in advance
PB

--
Dr. Peter Boy
Universität Bremen
Mary-Somerville-Str. 5
28359 Bremen
Germany
[email protected]
www.zes.uni-bremen.de

----------------
Are you looking for a web content management system for scientific research organizations? Have a look at http://www.scientificcms.org
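An added example, not part of the original post: a small shell check that lists which firewalld zone each ifcfg-* file pins its interface to through the ZONE= line described above, so a missing binding is visible before a reload puts the interface back in the default zone. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the firewalld zone each ifcfg-* file pins its
# interface to. Function names and the demo files are hypothetical.

# ifcfg_zone FILE -> prints the ZONE= value, or nothing if it is unset.
ifcfg_zone() {
    # Use the last ZONE= assignment and strip optional quotes.
    sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# list_zones DIR -> one "interface zone" line per ifcfg-* file.
# Interfaces without ZONE= are reported as "(default)": with no binding,
# firewalld handles them in its default zone after a reload or reboot.
list_zones() {
    dir=${1:-/etc/sysconfig/network-scripts}
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        iface=${f##*/ifcfg-}
        zone=$(ifcfg_zone "$f")
        printf '%s %s\n' "$iface" "${zone:-(default)}"
    done
}

# Constructed sample: eth1 carries the workaround line, eth0 does not.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\n' > "$tmp/ifcfg-eth0"
    printf 'DEVICE=eth1\nBOOTPROTO=none\nZONE=trusted\n' > "$tmp/ifcfg-eth1"
    list_zones "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real host, run `list_zones` with no argument and compare the result with `firewall-cmd --get-active-zones` after a reload.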
