As reported by Piotr Kliczewski http://lists.ovirt.org/pipermail/users/2014-March/022186.html as well, after installing an all-in-one host, I was unable to connect to VMs over spice until doing service iptables restart ovirt-engine-setup-plugin-allinone-3.4.0-0.12.master.20140228075627.el6.noarch ovirt-engine-setup-3.4.0-0.12.master.20140228075627.el6.noarch
Trying to reproduce: http://ur1.ca/gugmq the only change after service iptables restart is: -:OUTPUT ACCEPT [8375:4438221] +:OUTPUT ACCEPT [57:10791] ovirt-engine-setup-plugin-websocket-proxy-3.4.0-0.13.rc.fc19.noarch ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-0.13.rc.fc19.noarch ovirt-engine-setup-plugin-allinone-3.4.0-0.13.rc.fc19.noarch ovirt-engine-setup-plugin-ovirt-engine-3.4.0-0.13.rc.fc19.noarch ovirt-engine-setup-base-3.4.0-0.13.rc.fc19.noarch ovirt-engine-setup-3.4.0-0.13.rc.fc19.noarch Dan, can you reproduce this?
I must admit that I did not try. Piotr, do you have more information? Sandro, have you started with a fresh EL6 installation, where spice/vnc ports are closed?
Please reopen if you can reproduce. In that case, please attach /var/log/ovirt-engine directory content and iptables-save output before and after service iptables restart. Thanks,