http://communities.vmware.com/community/vmtn/archive/vi/esx?view=discussions Most recent forum messages en Fri, 20 Oct 2006 20:17:57 GMT Clearspace 1.10.12 (http://jivesoftware.com/products/clearspace/) 2006-10-20T20:17:57Z en http://communities.vmware.com/message/498753?tstart=0#498753 I figured out that the ports needed for Networker are inbound tcp on 7937 and 7938 and outbound on 7937 - 9936. I didn't know how to put in a range of ports for the firewall so I contacted support on this and here is his reply:<br /> <br /> Unfortunately the esxcfg-firewall command cannot add a range of ports, as strange as this may sound. <br /> <br /> I have done some investigating on this however, and found that edit the /etc/vmware/firewall/services.xml file and add a new service to so this. I have no documentation on the proper syntax for this, however by reviewing the file you can get a picture of what exactly it should look like. In general you will want to go to the bottom of the file and add a section that looks like this:<br /> <br /> &lt;service id='00xx'&gt;<br /> &lt;id&gt;NAME_OF_SERVICE&lt;/id&gt;<br /> &lt;rule id='0000'&gt;<br /> &lt;direction&gt;inbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;PORT_BEGIN&lt;/begin&gt;<br /> &lt;end&gt;PORT_END&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0001'&gt;<br /> &lt;direction&gt;outbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;PORT_BEGIN&lt;/begin&gt;<br /> &lt;end&gt;PORT_END&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;/rule&gt;<br /> &lt;/service&gt;<br /> <br /> WHERE: <br /> -service id='00xx' - is the next available service ID when you are looking at the last service entry in the services.xml file.<br /> -NAME_OF_SERVICE - the name of the new service/ports you want to open<br /> -PORT_BEGIN - the beginning port number<br /> -PORT_END - the ending port number<br /> <br /> This generates a rule that opens the ports you have in PORT_BEGIN and PORT_END for both incoming and outgoing tcp communication. Once this is saved, do a service firewall restart, and once this is done, you should be able to go into the VI client - Select the server that you made the configuration change on, Click Configuration--&gt;Security Profile and then hit the properties button. On this page you will be able to select the newly added service and click to enable.<br /> <br /> Once this is done you can than use esxcfg-firewall -q command to see if the port configuration was successfully added, and also test the backup software.<br /> <br /> Now those directions are great, but the one thing missing is that you also have to do a service mgmt-vmware command on the server to make the service show up in the console. Also the last service ID changes from ESX3.0 to ESX3.0.1. The last service ID in 3.0 is 25 and the last one in 3.0.1 is 27, they added two services in there. So I started thinking what happens with the next release if they decide to add more services, so I made the ID 50. That is assuming that they don't just overwrite that file during the upgrade.<br /> <br /> Hope this helps someone!<br /> <br /> Brian Shaw Fri, 20 Oct 2006 20:17:57 GMT bbshaw http://communities.vmware.com/message/498753?tstart=0#498753 2006-10-20T20:17:57Z 3 years, 1 month ago http://communities.vmware.com/message/492887?tstart=0#492887 What was the resolution? Was it just the disable of the firewall? What ports did you have to open up for Legato?<br /> <br /> Thanks! Thu, 12 Oct 2006 17:20:58 GMT bbshaw http://communities.vmware.com/message/492887?tstart=0#492887 2006-10-12T17:20:58Z 3 years, 1 month ago 1 http://communities.vmware.com/message/473751?tstart=0#473751 You're welcome.<br /> <br /> Thanks for the correct/helpful post points. <img class="jive-emoticon" border="0" src="http://communities.vmware.com/images/emoticons/sad.gif" alt=":(" /> Tue, 12 Sep 2006 16:00:16 GMT mittell http://communities.vmware.com/message/473751?tstart=0#473751 2006-09-12T16:00:16Z 3 years, 2 months ago http://communities.vmware.com/message/473744?tstart=0#473744 It's solved..<br /> Thanks! Tue, 12 Sep 2006 15:55:13 GMT uwoengin http://communities.vmware.com/message/473744?tstart=0#473744 2006-09-12T15:55:13Z 3 years, 2 months ago 1 http://communities.vmware.com/message/473728?tstart=0#473728 Try temporarily stopping the firewall to see if it resolves the problem, that way you'll know if it's your ESX firewall that's mis-configured or something else.<br /> <br /> <b>/etc/init.d/firewall stop</b> from the service console. Tue, 12 Sep 2006 15:45:59 GMT mittell http://communities.vmware.com/message/473728?tstart=0#473728 2006-09-12T15:45:59Z 3 years, 2 months ago 2 http://communities.vmware.com/message/473725?tstart=0#473725 I tried that method.. It says the ports are opened but I still cannot have access to NetWorker. Tue, 12 Sep 2006 15:43:38 GMT uwoengin http://communities.vmware.com/message/473725?tstart=0#473725 2006-09-12T15:43:38Z 3 years, 2 months ago 3 http://communities.vmware.com/message/473715?tstart=0#473715 At the service console type: <b>esxcfg-firewall -o &lt;port,tcp|udp,in|out,name&gt;</b> to open whatever ports you need. Tue, 12 Sep 2006 15:32:29 GMT mittell http://communities.vmware.com/message/473715?tstart=0#473715 2006-09-12T15:32:29Z 3 years, 2 months ago 4 http://communities.vmware.com/message/473675?tstart=0#473675 I am testing NetWorker 7.2 in Linux system with ESX 3.0.<br /> And I have some problem opening ports between ESX 3.0 and NetWorker 7.2. How do I open additional ports in the serice console firewall in ESX server 3.0 for Legato NetWorker 7.0 - 7.3? Tue, 12 Sep 2006 14:59:48 GMT uwoengin http://communities.vmware.com/message/473675?tstart=0#473675 2006-09-12T14:59:48Z 3 years, 2 months ago 7