Howto make Firewalld allow remote SSH into a Virtual Machine?

Patrick Lists fedora-list at puzzled.xs4all.nl
Wed Jul 24 14:30:45 UTC 2013


On 07/24/2013 04:21 PM, Ed Greshko wrote:
> On 07/24/13 20:55, Patrick Lists wrote:
>> Hi,
>>
>> I just did a fresh F19 x86_64 install on my workstation, copied a Virtual Machine to it and started the VM (has IP addr 192.168.122.20). Now I would like to be able to ssh into the VM from another box on my local LAN like my laptop. Thus far I can't make it work. Steps:
>>
>> Opened firewall-config
>>
>> Set the firewall zone of my Ethernet interface to Trusted:
>> Options -> Change Zone of Connections -> <interface> -> Edit -> General -> Firewall zone -> Trusted
>> Click on the reload icon
>>
>> Set the default zone to Trusted:
>> Options -> Change Default Zone -> Trusted
>> Click on the reload icon
>>
>> Results:
>> Can not ping VM from laptop:
>>
>> [patrick at laptop ~]$ ping 192.168.122.20
>> PING 192.168.122.20 (192.168.122.20) 56(84) bytes of data.
>>  From 10.0.0.135 icmp_seq=1 Destination Port Unreachable
>>
>> Can not ssh from the laptop to the VM:
>>
>> [patrick at laptop ~]$ ssh 192.168.122.20
>> ssh: connect to host 192.168.122.20 port 22: Connection refused
>>
>> On the workstation IPv4 forwarding is on:
>> $ cat /proc/sys/net/ipv4/ip_forward
>> 1
>>
>> So how do I make firewalld allow pings and ssh from remote hosts?
>>
>
> Looking at the above leads me to several questions......
>
> What has the IP address of 10.0.0.135?

That's the IP address of the workstation with the fresh F19 install.

> What type of VM are we talking about?

The VM is a CentOS 6 x86_64 installation with ssh service enabled, 
running and port 22 opened in iptables.

> Is the VM network interface defined as NAT or Host Only?

It's NAT. In virt-manager the VM's hardware details say:
Source device: Virtual Network 'default': NAT
Device Model: virtio

FWIW: when I stop firewalld I can ping and ssh the VM fine.

> FWIW, I find that with VirtualBox things go more smoothly with respect to external connections if the network interface of the VM is "bridged" to the host.

Glad to hear it works for you. I'm not too keen on anything Oracle and 
having to install additional stuff so I'll stick with Fedora's 
Virtualization.

Regards,
Patrick

