
RileyTheWiley 01-17-2014 05:10 PM

Networking problems, how to turn off firewall?
 
I have been having a number of mysterious networking problems all revolving around my Fedora 20 virtual machine. I have resolved some of them to file permissions issues but some still persist. Basically they are failures to connect (NFS, tftp, snmp) with symptoms that make me think a firewall is involved.

Problem is, I have pretty much disabled every firewall I can find between the systems. One system is a ucLinux embedded system without a firewall at all, the other is my Fedora 20 VM, and I have an Ubuntu VM also. All of them ping each other; all are on the same router; all have addresses like 192.168.*.*. So does the router.

I disabled the firewall on the router by going into it from the browser.
I disabled the firewall on the Fedora VM by opening ports in the GUI, then finally:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables-save

This produces an iptables file that looks like I would expect, ACCEPT pretty much everywhere.

I disabled the firewall on the Ubuntu VM by way of ufw:
root@instant-contiki:/home/user# ufw status
Status: inactive

But many net ops into that Fedora VM are still failing.

Is there something I have overlooked? Is it possible to have two firewalls running? I have disabled SELinux because that was causing problems also.

This is a pretty vanilla setup and this should be easy. Process dump from Fedora box follows (I noticed firewalld is still running ... hmm...).

[root@localhost eric]# ps -e
PID TTY TIME CMD
1 ? 00:00:01 systemd
2 ? 00:00:00 kthreadd
3 ? 00:00:00 ksoftirqd/0
5 ? 00:00:00 kworker/0:0H
6 ? 00:00:00 kworker/u128:0
7 ? 00:00:00 migration/0
8 ? 00:00:00 rcu_bh
9 ? 00:00:00 rcu_sched
10 ? 00:00:00 khelper
11 ? 00:00:00 kdevtmpfs
12 ? 00:00:00 netns
13 ? 00:00:00 writeback
14 ? 00:00:00 kintegrityd
15 ? 00:00:00 bioset
16 ? 00:00:00 kblockd
17 ? 00:00:00 ata_sff
18 ? 00:00:00 khubd
19 ? 00:00:00 md
44 ? 00:00:00 kswapd0
45 ? 00:00:00 ksmd
46 ? 00:00:00 khugepaged
47 ? 00:00:00 fsnotify_mark
48 ? 00:00:00 crypto
57 ? 00:00:00 kthrotld
58 ? 00:00:00 scsi_eh_0
59 ? 00:00:00 scsi_eh_1
61 ? 00:00:00 kpsmoused
62 ? 00:00:01 kworker/0:2
63 ? 00:00:00 deferwq
69 ? 00:00:00 kauditd
220 ? 00:00:00 mpt_poll_0
221 ? 00:00:00 mpt/0
222 ? 00:00:00 scsi_eh_2
223 ? 00:00:00 ttm_swap
225 ? 00:00:00 kworker/0:1H
294 ? 00:00:00 kdmflush
295 ? 00:00:00 bioset
297 ? 00:00:00 kdmflush
299 ? 00:00:00 bioset
321 ? 00:00:00 jbd2/dm-1-8
322 ? 00:00:00 ext4-rsv-conver
323 ? 00:00:00 ext4-unrsv-conv
394 ? 00:00:00 systemd-journal
414 ? 00:00:00 rpciod
416 ? 00:00:00 lvmetad
424 ? 00:00:00 systemd-udevd
463 ? 00:00:00 jbd2/sda1-8
464 ? 00:00:00 ext4-rsv-conver
465 ? 00:00:00 ext4-unrsv-conv
470 ? 00:00:00 auditd
495 ? 00:00:00 audispd
499 ? 00:00:00 sedispatch
509 ? 00:00:00 alsactl
510 ? 00:00:00 firewalld
512 ? 00:00:00 accounts-daemon
513 ? 00:00:00 rtkit-daemon
518 ? 00:00:02 vmtoolsd
519 ? 00:00:00 ModemManager
521 ? 00:00:00 avahi-daemon
524 ? 00:00:00 systemd-logind
527 ? 00:00:00 dbus-daemon
531 ? 00:00:00 atd
532 ? 00:00:00 crond
535 ? 00:00:00 abrtd
537 ? 00:00:00 abrt-watch-log
541 ? 00:00:00 abrt-watch-log
545 ? 00:00:00 gdm
547 ? 00:00:00 chronyd
562 ? 00:00:00 rpcbind
563 ? 00:00:00 avahi-daemon
576 ? 00:00:00 gdm-simple-slav
582 tty1 00:00:05 Xorg
583 ? 00:00:01 polkitd
646 ? 00:00:00 NetworkManager
720 ? 00:00:00 cfg80211
741 ? 00:00:00 systemd
748 ? 00:00:00 (sd-pam)
858 ? 00:00:00 xinetd
875 ? 00:00:00 rpc.statd
922 ? 00:00:00 bluetoothd
1152 ? 00:00:00 upowerd
1298 ? 00:00:00 colord
1302 ? 00:00:00 dhclient
1415 ? 00:00:00 gdm-session-wor
1419 ? 00:00:00 systemd
1420 ? 00:00:00 (sd-pam)
1423 ? 00:00:00 gnome-keyring-d
1425 ? 00:00:00 gnome-session
1433 ? 00:00:00 dbus-launch
1434 ? 00:00:00 dbus-daemon
1451 ? 00:00:00 at-spi-bus-laun
1455 ? 00:00:00 dbus-daemon
1458 ? 00:00:00 at-spi2-registr
1465 ? 00:00:00 gvfsd
1469 ? 00:00:00 gvfsd-fuse
1480 ? 00:00:00 gnome-settings-
1501 ? 00:00:00 pulseaudio
1517 ? 00:00:00 gvfs-udisks2-vo
1519 ? 00:00:00 udisksd
1528 ? 00:00:00 gvfs-goa-volume
1531 ? 00:00:00 goa-daemon
1539 ? 00:00:00 mission-control
1540 ? 00:00:00 gvfs-afc-volume
1547 ? 00:00:00 gvfs-mtp-volume
1552 ? 00:00:00 gvfs-gphoto2-vo
1559 ? 00:00:11 gnome-shell
1564 ? 00:00:00 dconf-service
1575 ? 00:00:00 cupsd
1587 ? 00:00:00 gsd-printer
1607 ? 00:00:00 ibus-daemon
1611 ? 00:00:00 ibus-dconf
1613 ? 00:00:00 ibus-x11
1630 ? 00:00:00 gnome-shell-cal
1636 ? 00:00:00 evolution-sourc
1678 ? 00:00:00 ibus-engine-sim
1682 ? 00:00:00 tracker-store
1706 ? 00:00:01 vmtoolsd
1709 ? 00:00:00 abrt-applet
1712 ? 00:00:00 tracker-miner-f
1715 ? 00:00:00 evolution-calen
1720 ? 00:00:00 evolution-alarm
1810 ? 00:00:00 obexd
1893 ? 00:00:02 gnome-terminal-
1896 ? 00:00:00 gnome-pty-helpe
1897 pts/0 00:00:00 bash
1990 ? 00:00:00 nfsiod
2085 ? 00:00:00 nfsd4
2086 ? 00:00:00 nfsd4_callbacks
2087 ? 00:00:00 lockd
2090 ? 00:00:00 nfsd
2091 ? 00:00:00 nfsd
2092 ? 00:00:00 nfsd
2093 ? 00:00:00 nfsd
2094 ? 00:00:00 nfsd
2095 ? 00:00:00 nfsd
2096 ? 00:00:00 nfsd
2097 ? 00:00:00 nfsd
2106 ? 00:00:00 rpc.rquotad
2107 ? 00:00:00 rpc.idmapd
2108 ? 00:00:00 rpc.mountd
2132 ? 00:00:00 kworker/u128:2
2239 pts/0 00:00:00 su
2244 pts/0 00:00:00 bash
2268 pts/0 00:00:00 su
2271 pts/0 00:00:00 bash
2592 ? 00:00:00 kworker/0:1
2594 ? 00:00:00 systemd
2605 ? 00:00:00 (sd-pam)
2719 ? 00:00:00 kworker/0:0
2740 pts/0 00:00:00 ps
[root@localhost eric]#

MensaWater 01-17-2014 10:08 PM

If you want to disable the firewall on Fedora why not just type "service iptables stop"?

Have you checked to see if ip6tables is running and stopped it?

Have you checked to see if SELinux is enabled and enforcing? SELinux is another level of security.

SAbhi 01-17-2014 11:00 PM

@OP: I must say your approach was wrong enough to frustrate you:

If you have networking issues accessing snmp, nfs etc., allow them in the firewall for your network and see if that gets resolved. Before anything else, you didn't even try to fetch the logs to see what could actually be the problem. As said in the above post, it could be SELinux too!!

And it is not only this that could allow everything coming in or going out:
Quote:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables-save

Better to stop the firewall by stopping the services and then try connections --> fetch logs, see what's there!!

Ser Olmy 01-17-2014 11:20 PM

Quote:

Originally Posted by RileyTheWiley (Post 5099994)
I disabled the firewall on the Fedora VM by opening ports in the GUI, then finally:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables-save

This produces an iptables file that looks like I would expect, ACCEPT pretty much everywhere.

Setting the policies to ACCEPT simply means that the catch-all rule at the bottom of the chain(s) is "ACCEPT" instead of "DROP". Any blocking rules will still be in effect.

To completely disable the firewall, you'll have to flush the chains as well:
Code:

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

Some distributions have a "firewall service" that manages the ruleset. Stopping such a process may or may not empty the ruleset and may or may not change the policies to "ACCEPT".

The iptables firewall itself is a kernel feature, not a process or daemon. If iptables -L or iptables-save shows no blocking rules and an ACCEPT policy, then there's no firewall.

What makes you suspect the communication issues are caused by firewall settings? Can you connect to the VM at all with, say, ping? Do such connection attempts leave an entry in the ARP table on the connecting system?
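
Ser Olmy's point above, as an added example that is not part of the original thread: a check over `iptables-save` output that lists everything still able to block traffic, whatever the chain policies say. The function name and both sample dumps are constructed for illustration; the trailing `REJECT --reject-with icmp-host-prohibited` rule is the kind a client reports as "No route to host".

```shell
#!/bin/sh
# Report what in an iptables-save dump can still block traffic.
# Reads iptables-save text on stdin, prints one finding per line.
blocking_entries() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter" opens a table
        /^:/  {                                     # ":INPUT ACCEPT [0:0]" is a chain policy
            if ($2 == "DROP")
                print table ": policy " substr($1, 2) " " $2
            next
        }
        /^-A / {                                    # a rule appended to a chain
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && ($(i+1) == "DROP" || $(i+1) == "REJECT")) {
                    print table ": rule " $0
                    break
                }
        }
    '
}

# Constructed sample: every policy is ACCEPT, yet two rules still block.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed sample: the same dump after "iptables -F" on each chain.
FLUSHED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

printf '%s\n' "$SAMPLE"  | blocking_entries   # lists the two REJECT rules
printf '%s\n' "$FLUSHED" | blocking_entries   # lists nothing
```

On the host itself, run `iptables-save | blocking_entries` as root to check the live ruleset, and repeat with `ip6tables-save` for IPv6.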

RileyTheWiley 01-20-2014 04:28 PM

Quote:

Originally Posted by MensaWater (Post 5100061)
If you want to disable the firewall on Fedora why not just type "service iptables stop"?

Have you checked to see if ip6tables is running and stopped it?

Have you checked to see if SELinux is enabled and enforcing? SELinux is another level of security.

iptables/ip6tables both not running

selinux is disabled

RileyTheWiley 01-20-2014 04:33 PM

That helped ....
 
Quote:

Originally Posted by Ser Olmy (Post 5100088)
Setting the policies to ACCEPT simply means that the catch-all rule at the bottom of the chain(s) is "ACCEPT" instead of "DROP". Any blocking rules will still be in effect.

To completely disable the firewall, you'll have to flush the chains as well:
Code:

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

Some distributions have a "firewall service" that manages the ruleset. Stopping such a process may or may not empty the ruleset and may or may not change the policies to "ACCEPT".

The iptables firewall itself is a kernel feature, not a process or daemon. If iptables -L or iptables-save shows no blocking rules and an ACCEPT policy, then there's no firewall.

What makes you suspect the communication issues are caused by firewall settings? Can you connect to the VM at all with, say, ping? Do such connection attempts leave an entry in the ARP table on the connecting system?

Now *that* was helpful; I got from 'no route to host' to 'connection refused'. One roadblock out of the way, now to work on the permissions issue. Good!

I can ping the VM, yes.

The server's arp table contains the client's ip address, not sure how it got there. But addresses and firewalls are not the problem any more.

wstewart90 01-28-2014 07:50 AM

You're using Fedora 20. The iptables service isn't enabled. Try
Code:

systemctl stop firewalld.service
or
Code:

service firewalld stop

getenforce should return the status of SELinux. Outside of that we need an actual error message to troubleshoot anything. Try systemctl status <service name> for the service you're trying to run.

