I have been having a number of mysterious networking problems all revolving around my Fedora 20 virtual machine. I have resolved some of them to file permissions issues but some still persist. Basically they are failures to connect (NFS, tftp, snmp) with symptoms that make me think a firewall is involved.
Problem is, I have pretty much disabled every firewall I can find between the systems. One system is a ucLinux embedded system without a firewall at all, the other is my Fedora 20 VM, and I have an Ubuntu VM also. All of them ping each other; all are on the same router; all have addresses like 192.168.*.*. So does the router.
I disabled the firewall on the router by going into it from the browser.
I disabled the firewall on the Fedora VM by opening ports in the GUI, then finally:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables-save
This produces an iptables file that looks like I would expect, ACCEPT pretty much everywhere.
I disabled the firewall on the Ubuntu VM by way of ufw:
root@instant-contiki:/home/user# ufw status
Status: inactive
But many net ops into that Fedora VM are still failing.
Is there something I have overlooked? Is it possible to have two firewalls running? I have disabled SELinux because that was causing problems also.
This is a pretty vanilla setup and this should be easy. Process dump from Fedora box follows (I noticed firewalld is still running ... hmm...).
@OP: I must say your approach was wrong enough to frustrate you:
If you have networking issues accessing snmp, nfs, etc., allow them in the firewall for your network and see if that gets resolved. And before anything, you didn't even try to fetch the logs to see what could actually be the problem. As said in the above post, it could be SELinux too!!
And it is not only this that could allow everything coming in or going out:
I disabled the firewall on the Fedora VM by opening ports in the GUI, then finally:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables-save
This produces an iptables file that looks like I would expect, ACCEPT pretty much everywhere.
Setting the policies to ACCEPT simply means that the catch-all rule at the bottom of the chain(s) is "ACCEPT" instead of "DROP". Any blocking rules will still be in effect.
To completely disable the firewall, you'll have to flush the chains as well:
Some distributions have a "firewall service" that manages the ruleset. Stopping such a process may or may not empty the ruleset and may or may not change the policies to "ACCEPT".
The iptables firewall itself is a kernel feature, not a process or daemon. If iptables -L or iptables-save shows no blocking rules and an ACCEPT policy, then there's no firewall.
What makes you suspect the communication issues are caused by firewall settings? Can you connect to the VM at all with, say, ping? Do such connection attempts leave an entry in the ARP table on the connecting system?
Now *that* was helpful; I got from 'no route to host' to 'connection refused'. One roadblock out of the way, now to work on the permissions issue. Good!
I can ping the VM, yes.
The server's arp table contains the client's ip address, not sure how it got there. But addresses and firewalls are not the problem any more.
You're using Fedora 20. The iptables service isn't enabled. Try
Code:
systemctl stop firewalld.service
or
Code:
service firewalld stop
getenforce should return the status of SELinux. Outside of that, we need an actual error message to troubleshoot anything. Try systemctl status <service name> for the service you're trying to run.
Last edited by wstewart90; 01-28-2014 at 07:52 AM.