I realize that we should be putting on September patches now, but our release process is a bit behind right now.
We patched 6 of our ESX 3.0.1 servers to be current up through the July patches and had an interesting issue. It showed up as being unable to FTP to the host even though the firewall was configured to allow it. It was working prior to the patch run, but afterwards FTP connections would fail. The temporary fix was to restart iptables with no other changes to the ESX host. The hosts were rebooted after the patch run.
Is this a known issue? If so, do you know which of the patches would have caused it? I did look through the patch notes and did not see anything relating to firewall or iptables.
Thanks, Jim
Hello,
Did you use service firewall restart or did you use service iptables restart? If you used the latter then quite a bit of the firewall is missing.
Restarting iptables using the first option is the right way to do things. If the XML files are messed up for some reason, perhaps third party tools, then there is a chance the firewall will not load properly. I had this issue but it not only kept the firewall from running but hostd also died on me.
Best regards,
Edward L. Haletky, author of the forthcoming 'VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, (c) 2008 Pearson Education