Howto make Firewalld allow remote SSH into a Virtual Machine?

Bill Davidsen davidsen at tmr.com
Wed Jul 24 20:45:33 UTC 2013


Darryl L. Pierce wrote:
> On Wed, Jul 24, 2013 at 02:55:56PM +0200, Patrick Lists wrote:
>> Hi,
>>
>> I just did a fresh F19 x86_64 install on my workstation, copied a
>> Virtual Machine to it and started the VM (has IP addr
>> 192.168.122.20). Now I would like to be able to ssh into the VM from
>> another box on my local LAN like my laptop. Thus far I can't make it
>> work. Steps:
>>
>> Opened firewall-config
>>
>> Set the firewall zone of my Ethernet interface to Trusted:
>> Options -> Change Zone of Connections -> <interface> -> Edit ->
>> General -> Firewall zone -> Trusted
>> Click on the reload icon
>>
>> Set the default zone to Trusted:
>> Options -> Change Default Zone -> Trusted
>> Click on the reload icon
>>
>> Results:
>> Can not ping VM from laptop:
>>
>> [patrick at laptop ~]$ ping 192.168.122.20
>> PING 192.168.122.20 (192.168.122.20) 56(84) bytes of data.
>>  From 10.0.0.135 icmp_seq=1 Destination Port Unreachable
>>
>> Can not ssh from the laptop to the VM:
>>
>> [patrick at laptop ~]$ ssh 192.168.122.20
>> ssh: connect to host 192.168.122.20 port 22: Connection refused
>>
>> On the workstation IPv4 forwarding is on:
>> $ cat /proc/sys/net/ipv4/ip_forward
>> 1
>>
>> So how do I make firewalld allow pings and ssh from remote hosts?
>
> So I'll be honest: I originally uninstalled firewalld because (at the
> time) I didn't want to mess with learning to set it up. :D
>
> I installed it today and played around with it and have a question for
> you: were you editing the "Runtime" or the "Permanent" configuration? If
> you were editing runtime and then hit reload then you overwrote your
> changes with the permanent config which you didn't modify.
>
Yes, I found that when I was first using firewalld, I kept looking for a button 
or menu item like "install my changes." And it might be a good thing not to make 
changes active until all changes have been entered. It's a user interface issue;
for the moment I don't use it for tricky stuff, but it works well for typical 
cases. I'm not sure it's really easier to use than iptables rules, but choices 
are good.

-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
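
The runtime/permanent split discussed in this thread can be checked from the command line before a reload. The script below is an added example, not part of the original messages: it compares the services, ports and forward-ports of a zone in both configurations. The `FWCMD` variable and the function names `fw_list` and `fw_drift` are assumptions of this sketch; the `firewall-cmd` options it uses are `--permanent`, `--zone` and the `--list-*` queries.

```shell
#!/bin/sh
# Added example: report firewalld settings that exist only in the runtime
# configuration (discarded by a reload) or only in the permanent one
# (not active until a reload). FWCMD is a hypothetical override hook.
FWCMD="${FWCMD:-firewall-cmd}"

# Print one setting per line, sorted.
# $1 = "" (runtime) or "--permanent", $2 = zone, $3 = query name
fw_list() {
    $FWCMD $1 --zone="$2" --list-"$3" 2>/dev/null |
        tr -s ' ' '\n' | sed '/^$/d' | sort
}

# Print the differences for one zone.
# Returns 0 when runtime and permanent agree, 1 otherwise.
fw_drift() {
    zone="$1"
    rc=0
    for q in services ports forward-ports; do
        rt=$(fw_list "" "$zone" "$q")
        pm=$(fw_list --permanent "$zone" "$q")
        for item in $rt; do
            printf '%s\n' "$pm" | grep -qxF -- "$item" ||
                { echo "runtime-only $q: $item"; rc=1; }
        done
        for item in $pm; do
            printf '%s\n' "$rt" | grep -qxF -- "$item" ||
                { echo "permanent-only $q: $item"; rc=1; }
        done
    done
    return $rc
}

# Usage: fw_drift trusted
```

A "runtime-only" line is a change that a reload will throw away; a "permanent-only" line is a saved change that is not in effect yet.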