Hi, Please send 'iptables -L -nv' output when you are sending the DNS/console traffic. So that we can find which rules are actually blocking the traffic.
Thanks,
Jayapal

On 29-Aug-2013, at 12:28 AM, Maurice Lawler <maurice.law...@me.com> wrote:

> Hello folks,
>
> I have a couple issues with the iptables showed below.
>
> 1) When enabled, I find that I cannot resolve DNS (ie: ping google.com) or
> even yum update etc.
>
> 2) When enabled, I am also unable to view the console.
>
> When I disable both issues go away.
>
> Please assist.
>
> -Maurice
>
> ################################################3
>
> [root@cloud ~]# cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.4.7 on Fri Aug 16 15:30:37 2013
> *mangle
> :PREROUTING ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> COMMIT
> *nat
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> COMMIT
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :BF-cloudbr0 - [0:0]
> :BF-cloudbr0-IN - [0:0]
> :BF-cloudbr0-OUT - [0:0]
> :s-1-VM - [0:0]
> :v-2-VM - [0:0]
> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 8250 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 7080 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A FORWARD -o cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
> -A FORWARD -i cloudbr0 -m physdev --physdev-is-bridged -j BF-cloudbr0
> -A FORWARD -o cloudbr0 -j DROP
> -A FORWARD -i cloudbr0 -j DROP
> -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
> -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
> -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
> -A BF-cloudbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A BF-cloudbr0 -m physdev --physdev-is-in --physdev-is-bridged -j BF-cloudbr0-IN
> -A BF-cloudbr0 -m physdev --physdev-is-out --physdev-is-bridged -j BF-cloudbr0-OUT
> -A BF-cloudbr0 -m physdev --physdev-out eth0 --physdev-is-bridged -j ACCEPT
> -A BF-cloudbr0-IN -m physdev --physdev-in vnet1 --physdev-is-bridged -j s-1-VM
> -A BF-cloudbr0-IN -m physdev --physdev-in vnet2 --physdev-is-bridged -j s-1-VM
> -A BF-cloudbr0-IN -m physdev --physdev-in vnet3 --physdev-is-bridged -j s-1-VM
> -A BF-cloudbr0-IN -m physdev --physdev-in vnet5 --physdev-is-bridged -j v-2-VM
> -A BF-cloudbr0-IN -m physdev --physdev-in vnet6 --physdev-is-bridged -j v-2-VM
> -A BF-cloudbr0-OUT -m physdev --physdev-out vnet1 --physdev-is-bridged -j s-1-VM
> -A BF-cloudbr0-OUT -m physdev --physdev-out vnet2 --physdev-is-bridged -j s-1-VM
> -A BF-cloudbr0-OUT -m physdev --physdev-out vnet3 --physdev-is-bridged -j s-1-VM
> -A BF-cloudbr0-OUT -m physdev --physdev-out vnet5 --physdev-is-bridged -j v-2-VM
> -A BF-cloudbr0-OUT -m physdev --physdev-out vnet6 --physdev-is-bridged -j v-2-VM
> -A s-1-VM -m physdev --physdev-in vnet1 --physdev-is-bridged -j RETURN
> -A s-1-VM -m physdev --physdev-in vnet2 --physdev-is-bridged -j RETURN
> -A s-1-VM -m physdev --physdev-in vnet3 --physdev-is-bridged -j RETURN
> -A s-1-VM -j ACCEPT
> -A v-2-VM -m physdev --physdev-in vnet5 --physdev-is-bridged -j RETURN
> -A v-2-VM -m physdev --physdev-in vnet6 --physdev-is-bridged -j RETURN
> -A v-2-VM -j ACCEPT
> COMMIT
> # Completed on Fri Aug 16 15:30:37 2013
> [root@cloud ~]#
>
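As an added example, not from either poster in this thread: a small Python parser for `iptables -L -nv` output that reports the DROP/REJECT rules whose packet counters are non-zero, which is exactly the information Jayapal is asking Maurice to look at. The listing in `SAMPLE` is constructed for the example (it mirrors the FORWARD and INPUT rules quoted above, not output captured from Maurice's host).

```python
import re
from collections import namedtuple

# Constructed sample of `iptables -L -nv` output (not captured from the
# poster's host); the rules mirror the FORWARD/INPUT rules quoted above.
SAMPLE = """\
Chain INPUT (policy ACCEPT 1204 packets, 98K bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   780 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340   41K BF-cloudbr0  all  --  *      cloudbr0  0.0.0.0/0            0.0.0.0/0            PHYSDEV match --physdev-is-bridged
   57  4104 DROP       all  --  *      cloudbr0  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  cloudbr0 *      0.0.0.0/0            0.0.0.0/0
    9   612 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
"""

SUFFIX = {"": 1, "K": 1000, "M": 1000_000, "G": 1000_000_000}
Rule = namedtuple("Rule", "chain pkts target proto in_if out_if extra")
# Columns: pkts bytes target prot opt in out source destination [match text]
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)(?:\s+(?P<extra>.*))?$")

def to_int(count):
    """Expand the abbreviated counters iptables prints ('41K' -> 41000)."""
    return int(count.rstrip("KMG")) * SUFFIX[count[-1] if count[-1] in "KMG" else ""]

def parse_iptables_lnv(text):
    """Return every rule in the listing, tagged with the chain it belongs to."""
    rules, chain = [], None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        elif chain and (m := RULE_RE.match(line)):  # the column header never matches
            rules.append(Rule(chain, to_int(m["pkts"]), m["target"], m["prot"],
                              m["in"], m["out"], (m["extra"] or "").strip()))
    return rules

def blocking_rules(text):
    """Rules that actually discarded traffic: DROP/REJECT with a non-zero packet count."""
    return [r for r in parse_iptables_lnv(text)
            if r.target in ("DROP", "REJECT") and r.pkts > 0]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for r in blocking_rules(text):
        print(f"{r.chain}: {r.target} in={r.in_if} out={r.out_if} pkts={r.pkts} {r.extra}")
```

Run it with the saved output of `iptables -L -nv` as its argument (taken while the failing DNS lookup or console connection is retried) and the rules whose counters keep climbing are the ones to examine.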