Console connections for virtual machines, whether direct or through a proxy, are received on ports 5900 to 5999. You must configure the firewall on each Compute service node to enable network traffic on these ports.
Procedure 4.1. Configure the service-node firewall
1. On the server that hosts the Compute service, log in as root.

2. Edit the /etc/sysconfig/iptables file.

3. Add an INPUT rule that allows TCP traffic on ports that range from 5900 to 5999:

   -A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT

   The new rule must appear before any INPUT rules that REJECT traffic.

4. Save the changes to the /etc/sysconfig/iptables file.

5. Restart the iptables service to ensure that the change takes effect.

   $ service iptables restart
The iptables firewall now enables incoming connections to the Compute services. Repeat this process for each Compute service node.
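
The ordering requirement in the procedure (the ACCEPT rule must come before any INPUT rule that REJECTs traffic) is easy to get wrong when editing the file by hand. The following script is an added example, not part of the original guide: it checks the rule's position in an iptables-save style file. The function names `check_vnc_rule_order` and `write_sample` are hypothetical, and the sample rule sets are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original guide): check where the console-port
# ACCEPT rule sits in an iptables-save style file such as /etc/sysconfig/iptables.

# check_vnc_rule_order FILE
#   0 = ACCEPT for tcp 5900:5999 precedes every INPUT REJECT rule in *filter
#   1 = rule exists but an INPUT REJECT rule comes first (rule never matches)
#   2 = rule missing from the filter table's INPUT chain
check_vnc_rule_order() {
    awk '
        /^\*/ { in_filter = ($1 == "*filter") }   # track the current table
        in_filter && /^-A INPUT / {
            if (/-j REJECT/ && !reject) reject = NR
            if (/-p tcp/ && /--dports 5900:5999/ && /-j ACCEPT/ && !accept)
                accept = NR
        }
        END {
            if (!accept) exit 2
            if (reject && reject < accept) exit 1
            exit 0
        }
    ' "$1"
}

# write_sample good|bad FILE: constructed sample rule sets for the demo.
write_sample() {
    rule='-A INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT'
    reject='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    {
        echo '*filter'
        echo ':INPUT ACCEPT [0:0]'
        echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
        if [ "$1" = good ]; then echo "$rule"; echo "$reject"
        else echo "$reject"; echo "$rule"; fi
        echo 'COMMIT'
    } > "$2"
}

# Demo: run the check against both constructed samples.
tmp=$(mktemp -d)
for kind in good bad; do
    write_sample "$kind" "$tmp/$kind"
    rc=0; check_vnc_rule_order "$tmp/$kind" || rc=$?
    echo "$kind sample: exit status $rc"
done
rm -rf "$tmp"
```

On a Compute service node, run `check_vnc_rule_order /etc/sysconfig/iptables` after saving the file and before restarting the service; a non-zero status means the console ports will not be reachable.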