OK so I'm leaning towards Stek's Linux is crap argument slightly more.
WFH on this now so I opened 5902 on the router, opened 5902 in iptables with a slightly different statement this time
Code:
-A INPUT -m state --state NEW,ESTABLISHED,RELATED -m tcp -p tcp --dport 5902 -m comment --comment "SPICE Client" -j ACCEPT
And bingo I am in like flint.
Except that the VM no longer has internet access, i.e. NAT is not forwarding on for some reason.
Fairy snuff.
Then restart the hypervisor.
Code:
systemctl restart firewalld
Restart VM. Bingo, internet access.
But I can no longer connect using remote viewer.
OK so spin up Wireshark and slap a Display filter on tcp.port eq 5902
Very enlightening.
Code:
5902 7.874682000 192.168.0.5 90.195.100.51 ICMP 94 Destination unreachable (Host administratively prohibited)
So you can see the firewall, on .5 is telling me to bog off again.
Note, no firewall rules were changed since it last worked.
Ergo I conclude libvirt is adding something to the inbound rule chain that is overriding my rule and blocking me.
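The "Host administratively prohibited" reply in the capture above is what an iptables REJECT rule with --reject-with icmp-host-prohibited sends. The check below is an added example, not part of the original post: it reads `iptables -S INPUT` style output and reports whether the ACCEPT for a port sits below a catch-all REJECT or DROP. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# check_shadowed PORT: reads "iptables -S INPUT" style lines on stdin.
#   "shadowed" - a catch-all REJECT/DROP precedes the first ACCEPT for PORT
#   "ok"       - the ACCEPT for PORT is reached first
#   "missing"  - no ACCEPT rule names PORT at all
check_shadowed() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++   # position of this rule within the INPUT chain
            # Catch-all: the target follows the chain name with no matches.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !block)
                block = n
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT( |$)/ && !accept)
                accept = n
        }
        END {
            if (!accept)                      print "missing"
            else if (block && block < accept) print "shadowed"
            else                              print "ok"
        }'
}

# Constructed ruleset: the 5902 rule was appended after the catch-all REJECT.
appended_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 5902 -m comment --comment "SPICE Client" -j ACCEPT
EOF
}

# Constructed ruleset: the same rule placed above the catch-all REJECT.
inserted_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 5902 -m comment --comment "SPICE Client" -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

appended_rules | check_shadowed 5902
inserted_rules | check_shadowed 5902
```

On a live host, pipe the output of `iptables -S INPUT` into `check_shadowed 5902` instead of the sample functions.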