This rule will reject all the ingress activities:

    "REJECT all -- anywhere anywhere reject-with icmp-host-prohibited"

You can try:

    iptables -I INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT

to allow console access.

From: Maurice Lawler [mailto:maurice.law...@me.com]
Sent: Wednesday, April 17, 2013 7:48 PM
To: Cloud Dev
Cc: us...@cloudstack.apache.org; us...@cloudstack.apache.org
Subject: IP tables blocking KVM/Console

I have stopped iptables at least 15 times, because it keeps blocking my console access to my instances. How can I either A) disable iptables altogether / B) add a rule to allow its access?

Right now, it has this:

    [root@lunder ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49216
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:vnc-server:synchronet-db
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:16509
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:websm
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8250
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:empowerid
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    [root@lunder ~]#

But there were plenty of other rules prior to my stopping it.
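Added example, not part of the original thread: a small first-match model of the INPUT chain showing why the reply uses -I (insert at the top) rather than -A (append), since anything appended lands after the catch-all REJECT and is never reached. The ruleset is constructed, and the function names (parse, apply, verdict) are hypothetical helpers for this illustration.

```python
import shlex

# Constructed INPUT chain in `iptables -S` syntax (not taken from the poster's host).
# Assumption: the "ACCEPT all" line is bound to lo; plain `iptables -L` (no -v)
# does not print interfaces, so such a rule looks like "accept everything".
BASE = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()

def parse(rule):
    """Turn one rule line into the match fields this simplified model understands."""
    tok = shlex.split(rule)
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    lo, _, hi = opt.get("--dport", "0:65535").partition(":")
    return {"proto": opt.get("-p"), "iface": opt.get("-i"),
            "states": opt.get("--state", "NEW,ESTABLISHED,RELATED").split(","),
            "ports": (int(lo), int(hi or lo)), "target": opt["-j"]}

def apply(chain, cmd):
    """Model `iptables -A` (append to end) and `iptables -I` (insert at position 1)."""
    rule = cmd.replace("iptables ", "", 1)
    return chain + [rule] if rule.startswith("-A") else [rule] + chain

def verdict(chain, dport, proto="tcp", iface="eth0", state="NEW"):
    """Return (rule position, target) of the first rule that matches the packet."""
    for pos, r in enumerate(map(parse, chain), start=1):
        if r["proto"] not in (None, proto):
            continue
        if r["iface"] not in (None, iface):
            continue
        if state not in r["states"]:
            continue
        if not r["ports"][0] <= dport <= r["ports"][1]:
            continue
        return pos, r["target"]
    return None, "policy"

VNC = "INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT"
APPENDED = apply(BASE, "iptables -A " + VNC)   # lands after the REJECT
INSERTED = apply(BASE, "iptables -I " + VNC)   # lands before everything else

if __name__ == "__main__":
    for name, chain in (("base", BASE), ("-A", APPENDED), ("-I", INSERTED)):
        print(name, "-> new TCP connection to 5900:", verdict(chain, 5900))
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the rule positions and interfaces that this model takes as input.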