[Spice-devel] spice configuration - problem with connection
David Jaša
djasa at redhat.com
Tue Feb 14 03:23:31 PST 2012
David Jaša píše v Út 14. 02. 2012 v 12:12 +0100:
> Hi Daniel,
>
> Daniel Parnak píše v Po 13. 02. 2012 v 13:29 -0500:
> > sorry, is it better now? ;)
> >
> > iptables -n -v -L
> >
> > Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> > pkts bytes target prot opt in out source
> > destination
> > 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0
> > 0.0.0.0/0 udp dpt:53
> > 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0
> > 0.0.0.0/0 tcp dpt:53
> > 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0
> > 0.0.0.0/0 udp dpt:67
> > 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0
> > 0.0.0.0/0 tcp dpt:67
> > 65157 90M ACCEPT all -- * * 0.0.0.0/0
> > 0.0.0.0/0 state RELATED,ESTABLISHED
> > 1 48 ACCEPT icmp -- * * 0.0.0.0/0
> > 0.0.0.0/0
> > 5 220 ACCEPT all -- lo * 0.0.0.0/0
> > 0.0.0.0/0
>
> ^^^ no rule specifically allowing tcp port 5930
>
> > 44 10352 REJECT all -- * * 0.0.0.0/0
> > 0.0.0.0/0 reject-with icmp-host-prohibited
>
> ^^^ rejecting anything else
>
> Daniel, either disable iptables completely if you don't care about
> firewalling:
> service iptables stop
> chkconfig iptables off
>
> or add rule to /etc/sysconfig/iptables allowing connections to the port
> or port range into INPUT chain somewhere between ESTABLISHED,RELATED
> rule and last REJECT rule:
>
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> # other rules
> # this in case of single port to be opened:
> -A INPUT -p tcp --dport 5930 -j ACCEPT
> # this in case of port range:
> -A INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT
> # this must be the last rule in INPUT chain:
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
>
forgot to add - after you edit the file, you have to apply the changes:
service iptables restart
David
> David
>
> PS: it is definitely better ;)
>
> >
> > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> > pkts bytes target prot opt in out source
> > destination
> > 0 0 ACCEPT all -- * virbr0 0.0.0.0/0
> > 192.168.122.0/24 state RELATED,ESTABLISHED
> > 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24
> > 0.0.0.0/0
> > 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0
> > 0.0.0.0/0
> > 0 0 REJECT all -- * virbr0 0.0.0.0/0
> > 0.0.0.0/0 reject-with icmp-port-unreachable
> > 0 0 REJECT all -- virbr0 * 0.0.0.0/0
> > 0.0.0.0/0 reject-with icmp-port-unreachable
> > 0 0 REJECT all -- * * 0.0.0.0/0
> > 0.0.0.0/0 reject-with icmp-host-prohibited
> >
> > Chain OUTPUT (policy ACCEPT 2850 packets, 401K bytes)
> > pkts bytes target prot opt in out source destination
> >
> >
> >
> > 2012/2/13 David Jaša <djasa at redhat.com>
> > >
> > > Daniel,
> > >
> > > let us also know if you fix it yourself. I'm pretty curious how
> > > qemu-kvm/spice will run on top of another hypervisor! :)
> > >
> > > David
> > >
> > >
> > > David Jaša píše v Po 13. 02. 2012 v 17:25 +0100:
> > > > Daniel Parnak píše v Po 13. 02. 2012 v 16:57 +0100:
> > > > > nmap 192.168.163.179
> > > > >
> > > > > Starting Nmap 5.51 ( http://nmap.org ) at 2012-02-13 09:50 EST
> > > > > Nmap scan report for 192.168.163.179
> > > > > Host is up (0.00024s latency).
> > > > > All 1000 scanned ports on 192.168.163.179 are filtered
> > > > > MAC Address: 00:0C:29:E7:6B:6F (VMware)
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Nmap done: 1 IP address (1 host up) scanned in 5.20 seconds
> > > > >
> > > > >
> > > >
> > > > This is your reply. Verify that iptables is not blocking incoming
> > > > connection to your port. If you're not sure how, please paste here
> > > > "iptables -n -v -L" output (from terminal at least 110 chars wide,
> > > > please, for sake of readability ;-))
> > > >
> > > > >
> > > > > image.png
> > > > > or maybe I should conect to 192.168.2.15 ?
> > > >
> > > > no. spice server listens on host address:
> > > >
> > > > +----------+
> > > > | guest VM |
> > > > +----------+
> > > >
> > > > +----------+ +---------------+
> > > > | client | <--- network ---> | server |
> > > > | .163.129 | | .163.179:5930 |
> > > > +----------+ +---------------+
> > > >
> > > >
> > > > David
> > > >
> > > > PS: please, could you send your emails in plain text? It would make CLI
> > > > pastes more readable.
> > > > >
> > > > >
> > > > > 2012/2/13 David Jaša <djasa at redhat.com>
> > > > > Daniel Parnak píše v Po 13. 02. 2012 v 12:25 +0100:
> > > > > > # /home/liveuser/.spicec/spicec.log
> > > > > >
> > > > > > 1329134774 INFO [2196:2196] Application::main: starting
> > > > > 0.10.1
> > > > > > 1329134774 INFO [2196:2196] Application::main: command line:
> > > > > spicec -h
> > > > > > 192.168.163.179 -p 5930
> > > > > > 1329134774 INFO [2196:2196] init_key_map: using evdev
> > > > > mapping
> > > > > > 1329134774 INFO [2196:2196] MultyMonScreen::MultyMonScreen:
> > > > > > platform_win: 52428801
> > > > > > 1329134774 INFO [2196:2196] GUI::GUI:
> > > > > > 1329134775 INFO [2196:2196] ForeignMenu::ForeignMenu:
> > > > > Creating a
> > > > > > foreign menu connection /tmp/SpiceForeignMenu-2196.uds
> > > > > > 1329134775 INFO [2196:2197] RedPeer::connect_to_peer:
> > > > > Connect failed:
> > > > > > No route to host (113)
> > > > > > 1329134775 WARN [2196:2197] RedChannel::run: failed to
> > > > > connect: No
> > > > > > route to host (113)
> > > > > > 1329134775 INFO [2196:2196] main: Spice client terminated
> > > > > (exitcode =
> > > > > > 3)
> > > > > > 1329134778 INFO [2199:2199] Application::main: starting
> > > > > 0.10.1
> > > > > > 1329134778 INFO [2199:2199] Application::main: command line:
> > > > > spicec -h
> > > > > > 192.168.163.179 -p 5930
> > > > > > 1329134778 INFO [2199:2199] init_key_map: using evdev
> > > > > mapping
> > > > > > 1329134778 INFO [2199:2199] MultyMonScreen::MultyMonScreen:
> > > > > > platform_win: 52428801
> > > > > > 1329134778 INFO [2199:2199] GUI::GUI:
> > > > > > 1329134778 INFO [2199:2199] ForeignMenu::ForeignMenu:
> > > > > Creating a
> > > > > > foreign menu connection /tmp/SpiceForeignMenu-2199.uds
> > > > > > 1329134778 INFO [2199:2200] RedPeer::connect_to_peer:
> > > > > Connect failed:
> > > > > > No route to host (113)
> > > > > > 1329134778 WARN [2199:2200] RedChannel::run: failed to
> > > > > connect: No
> > > > > > route to host (113)
> > > > > > 1329134778 INFO [2199:2199] main: Spice client terminated
> > > > > (exitcode =
> > > > > > 3)
> > > > > >
> > > > > > # I've installed qemu-kvm but when I try to run qemu-kvm
> > > > > shows this:
> > > > > >
> > > > > > Could not access KVM kernel module: No such file or
> > > > > directory
> > > > > > failed to initialize KVM: No such file or directory
> > > > > > No accelerator found!
> > > > > >
> > > > >
> > > > > This is expected, as you run qemu in VM (IIUC your first
> > > > > mail). Can you
> > > > > verify with nmap that the host is really reachable?
> > > > >
> > > > > > # How is qemu connected to hosts network?
> > > > > >
> > > > >
> > > > >
> > > > > qemu listens on defined address (-spice
> > > > > addr=<sth>,port=<port>,...).
> > > > > When not specified, default address is 0.0.0.0 (all ivp4
> > > > > addresses).
> > > > >
> > > > > The different story is networking of VM, there are more
> > > > > possible
> > > > > approaches - consult qemu's manual page for them.
> > > > >
> > > > > David
> > > > > >
> > > > > >
> > > > > > 2012/2/13 Yonit Halperin <yhalperi at redhat.com>
> > > > > > On 02/12/2012 11:39 AM, Daniel Parnak wrote:
> > > > > > 2012/2/12 Yonit Halperin
> > > > > <yhalperi at redhat.com
> > > > > > <mailto:yhalperi at redhat.com>>
> > > > > >
> > > > > >
> > > > > > On 02/11/2012 01:29 PM, Daniel Parnak
> > > > > wrote:
> > > > > >
> > > > > > Hello,
> > > > > >
> > > > > > I want to test spice on my virtual
> > > > > machines but
> > > > > > I have problem.
> > > > > > I create 2 virtual machines (one for
> > > > > server,
> > > > > > one for client) on
> > > > > > VMware
> > > > > > Workstation 8 and I run on them
> > > > > > Fedora-16-x86_64-Live-Desktop.
> > > > > >
> > > > > > # On server I do:
> > > > > > yum -y install qemu-kvm libvirt
> > > > > python-virtinst
> > > > > > bridge-utils
> > > > > > systemctl start libvirtd.service
> > > > > > chkconfig libvirtd on
> > > > > > yum -y install spice-server
> > > > > spice-protocol
> > > > > > qemu-img create /tmp/fedora.qcow 8G
> > > > > > qemu -cdrom /dev/cdrom
> > > > > -hda /tmp/fedora.qcow
> > > > > > -boot d -net nic
> > > > > > -net user
> > > > > > -m 1024
> > > > > >
> > > > > > # Then after run virtual machine I
> > > > > start spice
> > > > > > qemu -spice port=5930
> > > > > >
> > > > > > Hi, you should add the "-spice
> > > > > <spice-params>" at
> > > > > > the same command
> > > > > > you run the vm. No need for 2 different
> > > > > `qemu`
> > > > > > runs.
> > > > > > In addition, you probably also want to
> > > > > add to
> > > > > > spice-params
> > > > > > ",disable-ticketing" and to qemu params
> > > > > -vga qxl.
> > > > > >
> > > > > >
> > > > > > Thanks, now I do:
> > > > > >
> > > > > > qemu
> > > > > -cdrom /tmp/FreeBSD-8.2-RELEASE-i386-disc1.iso
> > > > > > -hda
> > > > > > /tmp/fedora.qcow -boot d -net nic -net user
> > > > > -m 1024
> > > > > > -spice
> > > > > > port=5930,disable-ticketing -vga qxl
> > > > > >
> > > > > > and I receive:
> > > > > >
> > > > > >
> > > > > > /do_spice_init: starting 0.10.1
> > > > > >
> > > > > > spice_server_add_interface:
> > > > > SPICE_INTERFACE_KEYBOARD
> > > > > > spice_server_add_interface:
> > > > > SPICE_INTERFACE_MOUSE
> > > > > > spice_server_add_interface:
> > > > > SPICE_INTERFACE_QXL
> > > > > > red_worker_main: begin
> > > > > > display_channel_create: create display
> > > > > channel
> > > > > >
> > > > > > cursor_channel_create: create cursor
> > > > > channel/
> > > > > >
> > > > > >
> > > > > > vm doesn't start, and I still can't connect
> > > > > from
> > > > > > spicec to server
> > > > > >
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > You can try running qemu-kvm instead of qemu. Please
> > > > > also send
> > > > > > the client's log file ($home/.spicec/spicec.log)
> > > > > >
> > > > > >
> > > > > >
> > > > > > # On client's machine I install spice
> > > > > client
> > > > > > yum -y install spice-client
> > > > > spice-protocol
> > > > > > spicec -h 192.168.163.128 -p 5930
> > > > > >
> > > > > > And I receive warning:
> > > > > > failed to connect: no route to host
> > > > > (113)
> > > > > >
> > > > > > I can ping server and host. Tcpdump
> > > > > shows that
> > > > > > when I want to
> > > > > > connect
> > > > > > via spicec packages are sent, and
> > > > > host receive
> > > > > > it.
> > > > > >
> > > > > > What is wrong? And how can I resolve
> > > > > this
> > > > > > problem?
> > > > > >
> > > > > > Greetings,
> > > > > > Daniel
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > _________________________________________________
> > > > > > Spice-devel mailing list
> > > > > > Spice-devel at lists.freedesktop.__org
> > > > > >
> > > > > <mailto:Spice-devel at lists.freedesktop.org>
> > > > > >
> > > > > >
> > > > > http://lists.freedesktop.org/__mailman/listinfo/spice-devel
> > > > > >
> > > > > >
> > > > > <http://lists.freedesktop.org/mailman/listinfo/spice-devel>
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > > _______________________________________________
> > > > > > Spice-devel mailing list
> > > > > > Spice-devel at lists.freedesktop.org
> > > > > > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > David Jaša, RHCE
> > > > >
> > > > > SPICE QE based in Brno
> > > > > GPG Key: 22C33E24
> > > > > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Spice-devel mailing list
> > > > > Spice-devel at lists.freedesktop.org
> > > > > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> > > >
> > >
> > > --
> > >
> > > David Jaša, RHCE
> > >
> > > SPICE QE based in Brno
> > > GPG Key: 22C33E24
> > > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> > >
> > >
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
More information about the Spice-devel
mailing list