Barry,
(1)
guest1# iptables -L FORWARD -n
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
guest2# iptables -L FORWARD -n
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
(2) The following is the output of "iptables -L". The iptables output was the same for guest1 and guest2:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Thanks.
-------------- Original message ----------------------
From: Barry Brimer <lists@(protected)>
> What is the output with the firewall running of "iptables -L FORWARD -n"
> ?? I am wondering if you are getting something dropped somehow in the
> FORWARD chain.
>
> On Fri, 7 Mar 2008 winty@(protected):
>
> > Hi,
> >
> > I have installed two para-virtualized guests on a RHEL 5.1 host. I met an issue of connection between each guest:
> >
> > (1) Yes. Each guest could ping each other;
> >
> > (2) No. Each guest couldn't SSH each other even though I opened the SSH 22 port:
> > # iptables -L
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> >
> >
> > (3) No. Each guest also couldn't telnet each other:
> > guest1# telnet guest2
> > Trying 198.17.34.12...
> > telnet: connect to address 198.17.34.12: No route to host
> > telnet: Unable to connect to remote host: No route to host
> >
> > (4) If I stopped the iptables on both guests, then I could SSH or telnet between guests.
> >
> > Does anyone know how to set the iptables rules on the para-virtualized host or guests to resolve it?
> >
> > Thanks,
> > Winty
> >
> > _______________________________________________
> > rhelv5-list mailing list
> > rhelv5-list@(protected)
> > https://www.redhat.com/mailman/listinfo/rhelv5-list