Howto make Firewalld allow remote SSH into a Virtual Machine?

Patrick Lists fedora-list at puzzled.xs4all.nl
Wed Jul 24 14:38:09 UTC 2013


On 07/24/2013 04:12 PM, Darryl L. Pierce wrote:
> On Wed, Jul 24, 2013 at 02:55:56PM +0200, Patrick Lists wrote:
>> Hi,
>>
>> I just did a fresh F19 x86_64 install on my workstation, copied a
>> Virtual Machine to it and started the VM (has IP addr
>> 192.168.122.20). Now I would like to be able to ssh into the VM from
>> another box on my local LAN like my laptop. Thus far I can't make it
>> work. Steps:
>>
>> Opened firewall-config
>>
>> Set the firewall zone of my Ethernet interface to Trusted:
>> Options -> Change Zone of Connections -> <interface> -> Edit ->
>> General -> Firewall zone -> Trusted
>> Click on the reload icon
>>
>> Set the default zone to Trusted:
>> Options -> Change Default Zone -> Trusted
>> Click on the reload icon
>>
>> Results:
>> Can not ping VM from laptop:
>>
>> [patrick@laptop ~]$ ping 192.168.122.20
>> PING 192.168.122.20 (192.168.122.20) 56(84) bytes of data.
>>  From 10.0.0.135 icmp_seq=1 Destination Port Unreachable
>>
>> Can not ssh from the laptop to the VM:
>>
>> [patrick@laptop ~]$ ssh 192.168.122.20
>> ssh: connect to host 192.168.122.20 port 22: Connection refused
>>
>> On the workstation IPv4 forwarding is on:
>> $ cat /proc/sys/net/ipv4/ip_forward
>> 1
>>
>> So how do I make firewalld allow pings and ssh from remote hosts?
>
> So I'll be honest: I originally uninstalled firewalld because (at the
> time) I didn't want to mess with learning to set it up. :D
>
> I installed it today and played around with it and have a question for
> you: were you editing the "Runtime" or the "Permanent" configuration? If
> you were editing runtime and then hit reload then you overwrote your
> changes with the permanent config which you didn't modify.

Good point. I noticed that too. But when the Zone is "Trusted" you
cannot change anything (neither in Runtime Configuration nor Permanent
Configuration). To try something else I changed the Default Zone and
Zone of Connections to 'Home' and now I can ping the VM (192.168.120.22) 
from my laptop. But I still get 'ssh: connect to host 192.168.122.20 
port 22: Connection refused' when trying to ssh from my laptop to the VM.

With the Firewalld service stopped I can ping and ssh fine into the VM 
from my laptop.

Regards,
Patrick

