[opensuse] tumbleweed update - firewalld blocking qemu-guests
Hi, updated tumbleweed from: 20190607 -> 20191002 i have a bridge network for qemu. using virt-manager for virtualization. before update my guests where inside my home-network accessible with ssh from all computers. after the update only the host computer could ssh to the guests. no other computer from network will work: ssh: connect to host visume port 22: No route to host ping is working. when i stop firewalld at the host, all computers from network are able to connect to the virtual computers. the bridge has open ssh ports what has changed? i do not see anithing. (i am not expert with firewalld, i use yast firewall) is there somewhere a config file where some standarts have changed? simoN -- www.becherer.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 2019-10-05 at 19:43 +0200, Simon Becherer wrote:
Hi,
updated tumbleweed from: 20190607 -> 20191002
i have a bridge network for qemu. using virt-manager for virtualization.
before update my guests where inside my home-network accessible with ssh from all computers.
after the update only the host computer could ssh to the guests. no other computer from network will work:
ssh: connect to host visume port 22: No route to host ping is working.
when i stop firewalld at the host, all computers from network are able to connect to the virtual computers.
the bridge has open ssh ports
what has changed? i do not see anithing. (i am not expert with firewalld, i use yast firewall) is there somewhere a config file where some standarts have changed?
I had the same problem a few months ago and found this: https://superuser.com/questions/990855/configure-firewalld-to-allow-bridged-... You'll need to change bridge0 to your bridge name. I think that libvirt needs some change to work with firewalld. Mark -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 06.10.19 um 00:36 schrieb Mark Petersen:
I had the same problem a few months ago and found this:
https://superuser.com/questions/990855/configure-firewalld-to-allow-bridged-...
You'll need to change bridge0 to your bridge name.
I think that libvirt needs some change to work with firewalld.
Mark
Thanks, i have found it also, but was thinking there must be another solution because before it was running fine.... but it is working. it generates a file: /etc/firewalld/direct.xml <?xml version="1.0" encoding="utf-8"?> <direct> <passthrough ipv="ipv4">-I FORWARD -i br0 -j ACCEPT</passthrough> <passthrough ipv="ipv4">-O FORWARD -i br0 -j ACCEPT</passthrough> </direct> this file was before not on my system, so before update there was another mechanism to work correct. simoN -- www.becherer.de -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Simon Becherer wrote:
this file was before not on my system, so before update there was another mechanism to work correct.
Have you looked at a snapshot diff of the firewalld dirctory? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Mark Petersen -
Peter Suetterlin -
Simon Becherer