Networking problems, how to turn off firewall?
I have been having a number of mysterious networking problems all revolving around my Fedora 20 virtual machine. I have resolved some of them to file permissions issues but some still persist. Basically they are failures to connect (NFS, tftp, snmp) with symptoms that make me think a firewall is involved.
Problem is, I have pretty much disabled every firewall I can find between the systems. One system is a ucLinux embedded system without a firewall at all, the other is my Fedora 20 VM, and I have an Ubuntu VM also. All of them ping each other; all are on the same router; all have addresses like 192.168.*.*. So does the router.

I disabled the firewall on the router by going into it from the browser. I disabled the firewall on the Fedora VM by opening ports in the GUI, then finally:
Code:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables-save

This produces an iptables file that looks like I would expect, ACCEPT pretty much everywhere. I disabled the firewall on the Ubuntu VM by way of ufw:
Code:
root@instant-contiki:/home/user# ufw status
Status: inactive

But many net ops into that Fedora VM are still failing. Is there something I have overlooked? Is it possible to have two firewalls running? I have disabled SELinux because that was causing problems also. This is a pretty vanilla setup and this should be easy.

Process dump from Fedora box follows (I noticed firewalld is still running ... hmm...). |
If you want to disable the firewall on Fedora why not just type "service iptables stop"?
Have you checked to see if ip6tables is running and stopped it? Have you checked to see if SELinux is enabled and enforcing? SELinux is another level of security. |
@OP: I must say your approach was wrong enough to frustrate you:
If you have networking issues accessing snmp, nfs etc., allow them in the firewall for your network and see if that gets resolved, and before anything, you didn't even try to fetch the logs to see what actually could be the problem. As said in the above post, it could be selinux too!! And it is not only this that could allow everything coming in or going out:
Quote:
|
Quote:
To completely disable the firewall, you'll have to flush the chains as well:
Code:
iptables -F INPUT
The iptables firewall itself is a kernel feature, not a process or daemon. If iptables -L or iptables-save shows no blocking rules and an ACCEPT policy, then there's no firewall. What makes you suspect the communication issues are caused by firewall settings? Can you connect to the VM at all with, say, ping? Do such connection attempts leave an entry in the ARP table on the connecting system? |
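The check described in the post above (ACCEPT policies and no blocking rules), as an added example that is not part of the original thread: a shell helper that scans `iptables-save` output for DROP policies and for DROP/REJECT rules that survive a policy change. The function names and the sample ruleset are constructed for illustration; on a live system, pipe the real `iptables-save` output into `find_blocking`.

```shell
#!/bin/sh
# Added example; find_blocking and is_open are hypothetical helper names.

# Reads iptables-save text on stdin and prints one line for every chain
# policy or rule that can still block traffic.
find_blocking() {
    awk '
        # Chain header, e.g. ":INPUT DROP [0:0]"
        /^:/ {
            if ($2 == "DROP")
                print "policy " substr($1, 2) " " $2
            next
        }
        # Appended rule: report a "-j DROP" or "-j REJECT" target
        /^-A / {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT"))
                    print "rule " $2 " " $(i+1)
        }
    '
}

# Succeeds only when the ruleset on stdin has nothing that blocks traffic.
is_open() {
    [ -z "$(find_blocking)" ]
}

# Constructed sample: every policy is ACCEPT (the state after the
# "iptables -P ... ACCEPT" commands), but catch-all REJECT rules remain
# because the chains were never flushed.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

printf '%s\n' "$SAMPLE" | find_blocking
```

An ACCEPT policy only decides what happens to packets that reach the end of a chain; a REJECT rule inside the chain still matches first, which is why the sample is reported as blocking.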
Quote:
selinux is disabled |
That helped ....
Quote:
I can ping the VM, yes. The server's arp table contains the client's ip address, not sure how it got there. But addresses and firewalls are not the problem any more. |
You're using fedora 20. The iptables service isn't enabled. Try
Code:
systemctl stop firewalld.service
Code:
service firewalld stop |