On 2020-08-17 11:45, Robert Moskowitz wrote: > > > On 8/16/20 11:42 PM, Ed Greshko wrote: >> On 2020-08-17 11:40, Robert Moskowitz wrote: >>> No I don't >>> >>> # firewall-cmd --info-zone=libvirt >>> libvirt (active) >>> target: ACCEPT >>> icmp-block-inversion: no >>> interfaces: virbr0 >>> sources: >>> services: dhcp dhcpv6 dns ssh tftp >>> ports: >>> protocols: icmp ipv6-icmp >>> masquerade: no >>> forward-ports: >>> source-ports: >>> icmp-blocks: >>> rich rules: >>> rule priority="32767" reject >> >> Well, connections from a QEMU guest come via the virbr0 interface which is >> in the libvirt zone. >> >> So, you'll need to add that port for ssh to work. > > > Thanks for leading me to the problem. I will read up on this in the morning > and get it working (I know you are half-way around the world from me!).
firewall-cmd --permanent --zone=libvirt --add-port=745/tcp should be sufficient. > > I have dealt with firewall zones on 'real' firewalls. Just never really > spent the time on a host config. But until know, the host was always an > endpoint. > > -- The key to getting good answers is to ask good questions.
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
