VMware vSphere

  • 1.  How to change the ports to connect to ESXi host from vSphere Client?

    Posted Mar 28, 2015 10:41 AM

    Hi,

    I need to access the ESXi host from public internet. I know I can do port forwarding on the router but unfortunately the firmware on my router cannot do forwarding like 12345->x.x.x.x:443 which means I must forward Port 443 to the ESXi host which I cannot do, because it is occupied.

    I tried to SSH to the host and change the "/etc/vmware/firewall/service.xml" file as suggested here: VMware KB: Creating custom firewall rules in VMware ESXi 5.x, and refresh the firewall. I also tried to restart Management Agents in the ESXi console, but it did not help.

    In the vSphere Client configuration->security profile page, the vSphere Client incoming ports are still 902 and 443 and I cannot change them from vSphere Client (as root).

    I am aware that the settings will be lost after ESXi host reboots so I did not reboot the ESXi host.

    Feeling lost now...any idea?



  • 2.  RE: How to change the ports to connect to ESXi host from vSphere Client?

    Posted Mar 28, 2015 05:19 PM

    Not a direct answer to your question but maybe a different approach: Can't you put up a simple PPTP VPN server to dial up to from the outside and access the host through that VPN tunnel?



  • 3.  RE: How to change the ports to connect to ESXi host from vSphere Client?



  • 4.  RE: How to change the ports to connect to ESXi host from vSphere Client?

    Posted Mar 29, 2015 01:08 AM

    Good call for using VPN, but I do not want to go that path for some reasons.

    I had tried modifying the proxy.xml file before I posted the thread, when I SSHed into the ESXi host. But I went through the vMA process anyway, and "vifs --server <hostname> --username <username> --put <local_directory_path>/proxy.xml /host/proxy.xml" actually gave me the modified proxy.xml already, which apparently did not work.

    Here is the block I modified in /etc/vmware/firewall/services.xml :

      <service id='0017'>
        <id>vSphereClient</id>
        <rule id='0000'>
          <direction>inbound</direction>
          <protocol>tcp</protocol>
          <porttype>dst</porttype>
          <port>902</port>
        </rule>
        <rule id='0001'>
          <direction>inbound</direction>
          <protocol>tcp</protocol>
          <porttype>dst</porttype>
          <port>8443</port>
        </rule>
        <enabled>true</enabled>
        <required>true</required>
      </service>

    Then I refreshed the firewall with: "esxcli network firewall refresh".

    Here is what my proxy.xml looks like:

    <ConfigRoot>
      <httpPort>80</httpPort>
      <httpsPort>8443</httpsPort>
      <EndpointList>
    //...and so on

    Then I restarted the Management Agents as suggested.

    The result was that I still need to access from Port 443 and Port 8443 did not respond at all.

    I am not sure what I have done wrong, but this is really frustrating.
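
Added example, not part of the thread and not VMware code: a Python check that the httpsPort in a proxy.xml is among the inbound TCP destination ports an enabled firewall service opens, using the element names quoted in the post above. Both sample documents are constructed; the `<ConfigRoot>` wrapper around the service and the empty `<EndpointList/>` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments quoted in the post above.
SERVICE_XML = """<ConfigRoot>
  <service id='0017'>
    <id>vSphereClient</id>
    <rule id='0000'>
      <direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>902</port>
    </rule>
    <rule id='0001'>
      <direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>8443</port>
    </rule>
    <enabled>true</enabled>
    <required>true</required>
  </service>
</ConfigRoot>"""

PROXY_XML = """<ConfigRoot>
  <httpPort>80</httpPort>
  <httpsPort>8443</httpsPort>
  <EndpointList/>
</ConfigRoot>"""


def inbound_tcp_ports(service_xml, service_name):
    """Inbound TCP destination ports of an enabled service (single ports only)."""
    ports = set()
    for svc in ET.fromstring(service_xml).iter("service"):
        if svc.findtext("id") != service_name or svc.findtext("enabled") != "true":
            continue
        for rule in svc.iter("rule"):
            kind = tuple(rule.findtext(t) for t in ("direction", "protocol", "porttype"))
            text = (rule.findtext("port") or "").strip()
            if kind == ("inbound", "tcp", "dst") and text.isdigit():
                ports.add(int(text))
    return ports


def check_https_port(service_xml, proxy_xml, service_name="vSphereClient"):
    """Compare the proxy's httpsPort with the ports the firewall service opens."""
    https_port = int(ET.fromstring(proxy_xml).findtext("httpsPort"))
    opened = inbound_tcp_ports(service_xml, service_name)
    return {"https_port": https_port, "opened": sorted(opened),
            "allowed": https_port in opened, "other_open": sorted(opened - {https_port})}

if __name__ == "__main__":
    print(check_https_port(SERVICE_XML, PROXY_XML))
```

A result of `allowed: True` only means the two files agree with each other; it does not show which port the host is actually listening on.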