Bug 1255425
Summary: | Automatically configured firewall denies access of VMs to network | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | movciari |
Component: | ovirt-hosted-engine-setup | Assignee: | Sandro Bonazzola <sbonazzo> |
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Artyom <alukiano> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 3.5.4 | CC: | amureini, ecohen, gklein, istein, lsurette, movciari, stirabos, ylavi |
Target Milestone: | --- | Keywords: | Regression, Unconfirmed |
Target Release: | 3.6.0 | Flags: | stirabos:
needinfo-
|
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | integration | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-09-08 11:12:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
movciari
2015-08-20 14:29:40 UTC
I wasn't able to reproduce with hosted-engine from oVirt 3.6 Third Beta. On my host I got this IPTables configuration: [root@c7120150824he35u36 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ACCEPT udp -- anywhere anywhere udp dpt:sunrpc ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:snmp ACCEPT tcp -- anywhere anywhere tcp dpt:16514 ACCEPT tcp -- anywhere anywhere multiport dports rfb:6923 ACCEPT tcp -- anywhere anywhere multiport dports 49152:49216 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination [root@c7120150824he35u36 ~]# Could you please attach the problematic one? Reducing severity and priority since we can't reproduce. movciari please provide needed info in order to reproduce. Put qe_test_coverage since this bug flow is tested normally in the RHEV QE automation env. Tested by alukiano, and didn't have such problem, on latest HE build for 3.6, on august 30 2015. Michal, please reopen if you provide the needed info. |