Re: [libvirt-users] Getting nwfilter to work on Debian Wheezy
2013/7/8 Sven Schwedas

> Hi,
>
> I'm trying to configure nwfilter for KVM, but so far I haven't managed
> to figure out a working configuration.
>
> Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is
> connected via eth0, part of the external subnet 192.168.17.0/24, and has
> an additional subnet 192.168.128.160/28 routed to its main address
> 192.168.17.125.
>
> The host's subnet is configured as bridge in virsh:
>
> > foo
>
> The domU is configured to use this bridge (static IP configured in DomU):
>
> function='0x0'/>
>
> With an empty filter, connectivity is working fine. Now, if I add the
> example ruleset suggested in the documentation (
> http://libvirt.org/formatnwfilter.html#nwfwriteexample ), *incoming*
> ICMP works (but not outgoing), and inbound SSH traffic is blocked,
> together with outbound DNS.
>
> The linked rules produce the following iptables chains:
>
> > Chain INPUT (policy ACCEPT)
> > target           prot opt source               destination
> > libvirt-host-in  all  --  0.0.0.0/0            0.0.0.0/0
> > ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
> > ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
> > ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
> > ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
> >
> > Chain FORWARD (policy ACCEPT)
> > target           prot opt source               destination
> > libvirt-in       all  --  0.0.0.0/0            0.0.0.0/0
> > libvirt-out      all  --  0.0.0.0/0            0.0.0.0/0
> > libvirt-in-post  all  --  0.0.0.0/0            0.0.0.0/0
> > ACCEPT           all  --  0.0.0.0/0            192.168.128.160/28
> > ACCEPT           all  --  192.168.128.160/28   0.0.0.0/0
> > ACCEPT           all  --  0.0.0.0/0            0.0.0.0/0
> > REJECT           all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
> > REJECT           all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
> >
> > Chain OUTPUT (policy ACCEPT)
> > target           prot opt source               destination
> >
> > Chain FI-vnet0 (1 references)
> > target           prot opt source               destination
> > RETURN           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:22 state ESTABLISHED ctdir ORIGINAL
> > RETURN           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED ctdir ORIGINAL
> > RETURN           icmp --  0.0.0.0/0            0.0.0.0/0            state NEW,ESTABLISHED ctdir REPLY
> > RETURN           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW,ESTABLISHED ctdir REPLY
> > DROP             all  --  0.0.0.0/0            0.0.0.0/0
> >
> > Chain FO-vnet0 (1 references)
> > target           prot opt source               destination
> > ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW,ESTABLISHED ctdir REPLY
> > ACCEPT           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW,ESTABLISHED ctdir REPLY
> > ACCEPT           icmp --  0.0.0.0/0            0.0.0.0/0            state ESTABLISHED ctdir ORIGINAL
> > ACCEPT           udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53 state ESTABLISHED ctdir ORIGINAL
> > DROP             all  --  0.0.0.0/0            0.0.0.0/0
> >
> > Chain HI-vnet0 (1 references)
> > target           prot opt source               destination
> > RETURN           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:22 state ESTABLISHED ctdir ORIGINAL
> > RETURN           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:80 state ESTABLISHED ctdir ORIGINAL
> > RETURN           icmp --  0.0.0.0/0            0.0.0.0/0            state NEW,ESTABLISHED ctdir REPLY
> > RETURN           udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53 state NEW,ESTABLISHED ctdir REPLY
> > DROP             all  --  0.0.0.0/0            0.0.0.0/0
> >
> > Chain libvirt-host-in (1 references)
> > target           prot opt source               destination
> > HI-vnet0         all  --  0.0.0.0/0            0.0.0.0/0            [goto] PHYSDEV match --physdev-in vnet0
> >
> > Chain libvirt-in (1 references)
> > target           prot opt source               destination
> > FI-vnet0         all  --  0.0.0.0/0            0.0.0.0/0            [goto] PHYSDEV match --physdev-in vnet0
> >
> > Chain libvirt-in-post (1 references)
> > target           prot opt source               destination
> > ACCEPT           all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-in vnet0
> >
> > Chain libvirt-out (1 references)
> > target           prot opt source               destination
> > FO-vnet0         all  --  0.0.0.0/0            0.0.0.0/0            [goto] PHYSDEV match --physdev-out vnet0
>
> I've tried fidgeting with the configuration (direction inout instead of
> in/out, etc.), but I didn't find a setup that works as intended. What am
> I missing?

I always use ebtables inst
Re: [libvirt-users] guests not shutting down when host shuts down - SOLVED
> Hi,
>
> for the Ubuntu guest i found a solution:
>
> http://ubuntuforums.org/showthread.php?t=1972464
>
> Bernd

The windows guest didn't shutdown because i had a remotedesktop session on it.
After finishing it windows shut down properly.

Bernd

Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Chair of the Supervisory Board: MinDir´in Bärbel Brumme-Bothe
Managing Directors: Prof. Dr. Günther Wess, Dr. Nikolaus Blum, Dr. Alfons Enhsen
Register Court: Amtsgericht München HRB 6466
VAT ID: DE 129521671
___
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
[libvirt-users] Connect issue - libvirt.dylib
Hi All,

I am trying to use libvirt to connect to hypervisor. I need some help with this.

1. I am using mac os - Mountain Lion.
2. I have installed libvirt using macports.
3. I am able to connect to the vcenter server using virsh tool.
4. However i am not able to connect using libvirt java program.

The issue it seems that virt library cannot be found. (Sample output attached).
The question is how do i get libvirt.dylib on my mac.

Any pointers would be really helpful

Re,
Utpal

Exception in thread "main" java.lang.UnsatisfiedLinkError: Unable to load library 'virt': Native library (darwin/libvirt.dylib) not found in resource path
Re: [libvirt-users] guests not shutting down when host shuts down
Bernd wrote:

> > What's the LIBVIRTD_KVM_SHUTDOWN value (on my system it's in
> > /etc/conf.d/libvirtd)? You want it to be 'shutdown'.
> >
> > Michal
>
> Hi Michal,
>
> i have neither this variable nor that file.
> But i have /etc/sysconfig/libvirt-guests:
>
> pc59093:/var/log/libvirt/qemu # cat /etc/sysconfig/libvirt-guests
> ## Path: System/Virtualization/libvirt
> ## Type: string
> ## Default: default
> # URIs to check for running guests
> # example: URIS='default xen:/// vbox+tcp://host/system lxc:///'
> URIS=default
>
> ## Type: string
> ## Default: start
> # action taken on host boot
> # - start   all guests which were running on shutdown are started on boot
> #           regardless on their autostart settings
> # - ignore  libvirt-guests init script won't start any guest on boot, however,
> #           guests marked as autostart will still be automatically started by
> #           libvirtd
> ON_BOOT=start
>
> ## Type: integer
> ## Default: 0
> # number of seconds to wait between each guest start
> START_DELAY=0
>
> ## Type: string
> ## Default: suspend
> # action taken on host shutdown
> # - suspend   all running guests are suspended using virsh managedsave
> # - shutdown  all running guests are asked to shutdown. Please be careful with
> #             this settings since there is no way to distinguish between a
> #             guest which is stuck or ignores shutdown requests and a guest
> #             which just needs a long time to shutdown. When setting
> #             ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
> #             value suitable for your guests.
> ON_SHUTDOWN=shutdown
> =
>
> I changed "ON_SHUTDOWN" already from suspend to shutdown. I
> think this should be the same.
>
> Bernd

Hi,

for the Ubuntu guest i found a solution:

http://ubuntuforums.org/showthread.php?t=1972464

Bernd
Re: [libvirt-users] guests not shutting down when host shuts down
Michal wrote:

> -----Original Message-----
> From: Michal Privoznik [mailto:mpriv...@redhat.com]
> Sent: Wednesday, July 10, 2013 12:45 PM
> To: Lentes, Bernd
> Cc: libvirt-ML (libvirt-users@redhat.com)
> Subject: Re: [libvirt-users] guests not shutting down when host shuts down
>
> On 10.07.2013 11:37, Lentes, Bernd wrote:
> > Hi,
> >
> > i have a SLES 11 SP2 64bit host with three guests:
> > - Windows XP 32
> > - Ubuntu 12.04 LTS 64bit
> > - SLES 11 SP2 64bit
> >
> > The SLES guest shuts down with the host shutdown. The others not. When i shutdown these two guests with the virt-manager, they shutdown fine.
> > ACPI is activated in virt-manager for both of them. Acpid is running in the Ubuntu Client.
> > When the host shuts down, the two guests get a signal (excerpt from the log of the host:)
> >
> > ===
> > 2013-07-07 16:39:51.674: starting up
> > LC_ALL=C PATH=/bin:/sbin:/usr/bin:/usr/sbin HOME=/ QEMU_AUDIO_DRV=none /usr/bin/qemu-kvm -S -M pc-0.15 -enable-kvm -m 1025 -smp 1,sockets=1,cores=1,threads=1 -name greensql_2 -uuid 2cfbac9c-dbb2-c4bf-4aba-2d18dc49d18e -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/greensql_2.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/var/lib/kvm/images/greensql_2/disk0.raw,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev tap,fd=17,id=hostnet0,vhost=on,vhostfd=20 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:37:92:a9,bus=pci.0,addr=0x3 -usb -vnc 127.0.0.1:2 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
> > Domain id=3 is tainted: high-privileges
> >
> > qemu: terminating on signal 15 from pid 24958
> >
> > 2013-07-08 13:58:29.651: starting up
> > ==
> >
> > I'm a bit astonished about "no-shutdown" in the commandline, but the sles guest also has it in its commandline, so it should not bother.
> >
> > I'm using kvm-0.15.1-0.23.1, libvirt-client-0.9.6-0.23.1, libvirt-0.9.6-0.23.1 and virt-manager-0.9.0-3.19.1 in the host.
> >
> > Thanks for any help.
> >
> > Bernd
>
> What's the LIBVIRTD_KVM_SHUTDOWN value (on my system it's in
> /etc/conf.d/libvirtd)? You want it to be 'shutdown'.
>
> Michal

Hi Michal,

i have neither this variable nor that file.
But i have /etc/sysconfig/libvirt-guests:

pc59093:/var/log/libvirt/qemu # cat /etc/sysconfig/libvirt-guests
## Path: System/Virtualization/libvirt
## Type: string
## Default: default
# URIs to check for running guests
# example: URIS='default xen:/// vbox+tcp://host/system lxc:///'
URIS=default

## Type: string
## Default: start
# action taken on host boot
# - start   all guests which were running on shutdown are started on boot
#           regardless on their autostart settings
# - ignore  libvirt-guests init script won't start any guest on boot, however,
#           guests marked as autostart will still be automatically started by
#           libvirtd
ON_BOOT=start

## Type: integer
## Default: 0
# number of seconds to wait between each guest start
START_DELAY=0

## Type: string
## Default: suspend
# action taken on host shutdown
# - suspend   all running guests are suspended using virsh managedsave
# - shutdown  all running guests are asked to shutdown. Please be careful with
#             this settings since there is no way to distinguish between a
#             guest which is stuck or ignores shutdown requests and a guest
#             which just needs a long time to shutdown. When setting
#             ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
#             value suitable for your guests.
ON_SHUTDOWN=shutdown
=

I changed "ON_SHUTDOWN" already from suspend to shutdown. I think this should be the same.

Bernd
Re: [libvirt-users] Libvirt and Glusterfs
On 2013-07-10 11:42, Vijay Bellur wrote:

> On 07/09/2013 08:18 PM, Olivier Mauras wrote:
>
>> On 2013-07-09 09:40, Vijay Bellur wrote:
>> Hi,
>>
>> I'm trying to use qemu native glusterfs integration with libvirt.
>> It's all working well from the qemu side, but libvirt fails to start a domain with a gluster drive or attach a drive.
>> I have exactly the same error as this person: https://www.redhat.com/archives/libvirt-users/2013-April/msg00204.html [1]
>> I use qemu 1.5.1 with glusterfs 3.4 beta 4 and libvirt 1.0.6.
>>
>> [root bbox ~]# virsh start test
>> error: Failed to start domain test
>> error: internal error process exited while connecting to monitor: char device redirected to /dev/pts/3 (label charserial0)
>> qemu-system-x86_64: -drive file=gluster://127.0.0.1/vol0/test0.img,if=none,id=drive-virtio-disk1,format=raw: Gluster connection failed for server=127.0.0.1 port=0 volume=vol0 image=test0.img transport=tcp
>> qemu-system-x86_64: -drive file=gluster://127.0.0.1/vol0/test0.img,if=none,id=drive-virtio-disk1,format=raw: could not open disk image gluster://127.0.0.1/vol0/test0.img: No data available
>>> Do you observe errors in the logs from gluster bricks that make up vol0? Brick logs are available at /var/log/glusterfs/bricks.
>>>
>>> Thanks,
>>> Vijay
>> Hi Vijay,
>>
>> Thanks for your answer.
>> I did reset the files and tried to attach the device using: virsh attach-device test /tmp/gluster_disk.xml
>>
>> # virsh attach-device test /tmp/gluster_disk.xml
>> error: Failed to attach device from /tmp/gluster_disk.xml
>> error: operation failed: open disk image file failed
>>
>> Sadly, nothing reported in ...bricks/*.log
>
> Do you notice anything in glusterd.log? Can you try by performing the
> following configuration changes:
>
> 1) gluster volume set vol0 server.allow-insecure on
>
> 2) Edit /etc/glusterfs/glusterd.vol to contain this line:
> option rpc-auth-allow-insecure on
>
> Post 2), restarting glusterd would be necessary.
>
> Thanks,
> Vijay

Thanks Vijay it now works correctly!!
I guess i should configure something to have SSL enabled... Will check that.

Thanks again for your help!

Links:
--
[1] https://www.redhat.com/archives/libvirt-users/2013-April/msg00204.html
Re: [libvirt-users] guests not shutting down when host shuts down
On 10.07.2013 11:37, Lentes, Bernd wrote:

> Hi,
>
> i have a SLES 11 SP2 64bit host with three guests:
> - Windows XP 32
> - Ubuntu 12.04 LTS 64bit
> - SLES 11 SP2 64bit
>
> The SLES guest shuts down with the host shutdown. The others not. When i
> shutdown these two guests with the virt-manager, they shutdown fine.
> ACPI is activated in virt-manager for both of them. Acpid is running in the
> Ubuntu Client.
> When the host shuts down, the two guests get a signal (excerpt from the log
> of the host:)
>
> ===
> 2013-07-07 16:39:51.674: starting up
> LC_ALL=C PATH=/bin:/sbin:/usr/bin:/usr/sbin HOME=/ QEMU_AUDIO_DRV=none /usr/bin/qemu-kvm -S -M pc-0.15 -enable-kvm -m 1025 -smp 1,sockets=1,cores=1,threads=1 -name greensql_2 -uuid 2cfbac9c-dbb2-c4bf-4aba-2d18dc49d18e -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/greensql_2.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/var/lib/kvm/images/greensql_2/disk0.raw,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev tap,fd=17,id=hostnet0,vhost=on,vhostfd=20 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:37:92:a9,bus=pci.0,addr=0x3 -usb -vnc 127.0.0.1:2 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
> Domain id=3 is tainted: high-privileges
>
> qemu: terminating on signal 15 from pid 24958
>
> 2013-07-08 13:58:29.651: starting up
> ==
>
> I'm a bit astonished about "no-shutdown" in the commandline, but the sles
> guest also has it in its commandline, so it should not bother.
>
> I'm using kvm-0.15.1-0.23.1, libvirt-client-0.9.6-0.23.1,
> libvirt-0.9.6-0.23.1 and virt-manager-0.9.0-3.19.1 in the host.
>
> Thanks for any help.
>
> Bernd

What's the LIBVIRTD_KVM_SHUTDOWN value (on my system it's in
/etc/conf.d/libvirtd)? You want it to be 'shutdown'.

Michal
Re: [libvirt-users] Libvirt and Glusterfs
On 07/09/2013 08:18 PM, Olivier Mauras wrote:

On 2013-07-09 09:40, Vijay Bellur wrote:

Hi,

I'm trying to use qemu native glusterfs integration with libvirt.
It's all working well from the qemu side, but libvirt fails to start a domain with a gluster drive or attach a drive.
I have exactly the same error as this person: https://www.redhat.com/archives/libvirt-users/2013-April/msg00204.html
I use qemu 1.5.1 with glusterfs 3.4 beta 4 and libvirt 1.0.6.

[root bbox ~]# virsh start test
error: Failed to start domain test
error: internal error process exited while connecting to monitor: char device redirected to /dev/pts/3 (label charserial0)
qemu-system-x86_64: -drive file=gluster://127.0.0.1/vol0/test0.img,if=none,id=drive-virtio-disk1,format=raw: Gluster connection failed for server=127.0.0.1 port=0 volume=vol0 image=test0.img transport=tcp
qemu-system-x86_64: -drive file=gluster://127.0.0.1/vol0/test0.img,if=none,id=drive-virtio-disk1,format=raw: could not open disk image gluster://127.0.0.1/vol0/test0.img: No data available

Do you observe errors in the logs from gluster bricks that make up vol0? Brick logs are available at /var/log/glusterfs/bricks.

Thanks,
Vijay

Hi Vijay,

Thanks for your answer.
I did reset the files and tried to attach the device using: virsh attach-device test /tmp/gluster_disk.xml

# virsh attach-device test /tmp/gluster_disk.xml
error: Failed to attach device from /tmp/gluster_disk.xml
error: operation failed: open disk image file failed

Sadly, nothing reported in ...bricks/*.log

Do you notice anything in glusterd.log? Can you try by performing the following configuration changes:

1) gluster volume set vol0 server.allow-insecure on

2) Edit /etc/glusterfs/glusterd.vol to contain this line:
option rpc-auth-allow-insecure on

Post 2), restarting glusterd would be necessary.

Thanks,
Vijay
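Added example, not part of the original thread: a shell audit that confirms both changes Vijay lists are in place, run against constructed copies of glusterd.vol and of `gluster volume info vol0` output. Both options make glusterd and the bricks accept clients that connect from unprivileged source ports, so the script also reports the volume's `auth.allow` setting, a check the thread does not mention; the function names and sample file contents are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Sample file contents are constructed.

# Succeeds if glusterd.vol ($1) has "option rpc-auth-allow-insecure on"
# inside its "volume management" block; commented-out lines are ignored.
glusterd_allows_insecure() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "volume" { inblk = ($2 == "management"); next }
        $1 == "end-volume" { inblk = 0; next }
        inblk && $1 == "option" && $2 == "rpc-auth-allow-insecure" { val = $3 }
        END { exit (val == "on" ? 0 : 1) }
    ' "$1"
}

# Prints the value of option $1 from saved `gluster volume info` output ($2).
# Fails if the option is not listed under "Options Reconfigured:".
volume_option() {
    awk -v key="$1" '
        /^Options Reconfigured:/ { opts = 1; next }
        opts && (i = index($0, ": ")) && substr($0, 1, i - 1) == key {
            print substr($0, i + 2); found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Prints a one-line verdict for a glusterd.vol ($1) and volume info file ($2).
audit_gluster() {
    mgmt=off; brick=off
    glusterd_allows_insecure "$1" && mgmt=on
    [ "$(volume_option server.allow-insecure "$2")" = on ] && brick=on
    # Assumption: an auth.allow that was never set means any client address.
    allow=$(volume_option auth.allow "$2") || allow='*'
    if [ "$mgmt" = off ] && [ "$brick" = off ]; then
        echo "privileged-ports-only"
    elif [ "$mgmt" != "$brick" ]; then
        echo "inconsistent glusterd=$mgmt bricks=$brick"
    elif [ "$allow" = '*' ]; then
        echo "unprivileged-ports-allowed auth.allow=open"
    else
        echo "unprivileged-ports-allowed auth.allow=$allow"
    fi
}

# Writes the constructed sample files into directory $1.
make_samples() {
    cat > "$1/glusterd.vol" <<'EOF'
volume management
    type mgmt/glusterd
    option working-directory /var/lib/glusterd
    option rpc-auth-allow-insecure on
end-volume
EOF
    cat > "$1/vol0.info" <<'EOF'
Volume Name: vol0
Status: Started
Options Reconfigured:
server.allow-insecure: on
EOF
    # The same volume after `gluster volume set vol0 auth.allow 127.0.0.1`.
    { cat "$1/vol0.info"; echo "auth.allow: 127.0.0.1"; } > "$1/vol0-restricted.info"
}

dir=$(mktemp -d)
make_samples "$dir"
audit_gluster "$dir/glusterd.vol" "$dir/vol0.info"
audit_gluster "$dir/glusterd.vol" "$dir/vol0-restricted.info"
rm -rf "$dir"
```

On a live host the inputs would be /etc/glusterfs/glusterd.vol and the saved output of `gluster volume info vol0`.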
[libvirt-users] guests not shutting down when host shuts down
Hi,

i have a SLES 11 SP2 64bit host with three guests:
- Windows XP 32
- Ubuntu 12.04 LTS 64bit
- SLES 11 SP2 64bit

The SLES guest shuts down with the host shutdown. The others not. When i shutdown these two guests with the virt-manager, they shutdown fine.
ACPI is activated in virt-manager for both of them. Acpid is running in the Ubuntu Client.
When the host shuts down, the two guests get a signal (excerpt from the log of the host:)

===
2013-07-07 16:39:51.674: starting up
LC_ALL=C PATH=/bin:/sbin:/usr/bin:/usr/sbin HOME=/ QEMU_AUDIO_DRV=none /usr/bin/qemu-kvm -S -M pc-0.15 -enable-kvm -m 1025 -smp 1,sockets=1,cores=1,threads=1 -name greensql_2 -uuid 2cfbac9c-dbb2-c4bf-4aba-2d18dc49d18e -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/greensql_2.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/var/lib/kvm/images/greensql_2/disk0.raw,if=none,id=drive-ide0-0-0,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev tap,fd=17,id=hostnet0,vhost=on,vhostfd=20 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:37:92:a9,bus=pci.0,addr=0x3 -usb -vnc 127.0.0.1:2 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
Domain id=3 is tainted: high-privileges

qemu: terminating on signal 15 from pid 24958

2013-07-08 13:58:29.651: starting up
==

I'm a bit astonished about "no-shutdown" in the commandline, but the sles guest also has it in its commandline, so it should not bother.

I'm using kvm-0.15.1-0.23.1, libvirt-client-0.9.6-0.23.1, libvirt-0.9.6-0.23.1 and virt-manager-0.9.0-3.19.1 in the host.

Thanks for any help.

Bernd

--
Bernd Lentes

System Administration
Institut für Entwicklungsgenetik
Building 35.34 - Room 208
HelmholtzZentrum münchen
bernd.len...@helmholtz-muenchen.de
phone: +49 89 3187 1241
fax: +49 89 3187 2294
http://www.helmholtz-muenchen.de/idg

Whoever earns nothing but money deserves nothing but money
[libvirt-users] The firewall just doesn't make any sense
Okay, some more fiddling:

If I try the second filterset from the second example from the documentation
( http://libvirt.org/formatnwfilter.html#nwfwriteexample2nd ), the resulting
firewall rules make even less sense.

To quote, what it should do:

> opens only TCP ports 22 and 80 of a VM's interface
> allows the VM to send ping traffic from an interface but not let the VM be pinged on the interface
> allows the VM to do DNS lookups (UDP towards port 53)
> enable an ftp server (in active mode) to be run inside the VM

What it does:

Opens all incoming ports
Allows the VM to be pinged
Blocks all outgoing traffic (except ICMP, but I suspect that's only because ICMP filtering does not work at all, see above)
Prevents an ftp server from running in active mode

This is bullshit. How do I get the nwfilter firewall to run properly?

--
Best Regards,
Sven SCHWEDAS
System Administrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167
http://software.tao.at