vSphere Hypervisor

  • 1.  vSphere Hypervisor Firewall

    Posted Dec 02, 2011 10:40 PM

    Hello,

    I have problems securing my vSphere Hypervisor host machine. First I tried to change the default SSH port but couldn't find a way to do it with vSphere Client. Then I made the change in the /etc/ssh/sshd_config file, but that didn't work either. At last, I did it by editing the ports in the /etc/service file, but then I couldn't find a way to allow the new port for inbound connections in the firewall settings. Now I can't access SSH because everything is blocked except the vSphere service ports, and there is no way to open a new port or service.

    vSphere Client has only on/off/IP settings in Security Profile in the Configuration tab, but I couldn't make those functions work either. I don't want everybody to see my Web Access screen when they type my IP address into their browser, but I couldn't close that either. I unchecked vSphere Web Access in Firewall Properties, but I can still see the Web Access screen from a remote computer.

    It looks like I can't install any third-party software on vSphere either.

    Is there a chance that I can configure my own settings, change the default ports on the firewall and get some protection against brute force attacks? Am I looking for too much? I got dozens of brute force attacks on the SSH port in the last three days, and I don't know how many I got on the vSphere Client port.

    Thanks

    Engin



  • 2.  RE: vSphere Hypervisor Firewall

    Posted Dec 03, 2011 12:26 AM

    Once you've changed the SSH port you'll need to create a custom firewall rule. See a how-to doc here: http://www.virtuallyghetto.com/2011/07/how-to-create-custom-firewall-rules-in.html



  • 3.  RE: vSphere Hypervisor Firewall

    Posted Dec 03, 2011 04:43 PM

    Thanks,

    Still have no idea about installing an iptables-based firewall, brute force or DDoS defender.



  • 4.  RE: vSphere Hypervisor Firewall

    Posted Dec 03, 2011 08:52 PM

    ESXi uses bits and pieces of Linux and other open source tools, but the kernel is not Linux-based. Thus you can't install just any package on ESXi.