VMware Cloud Community
jlarson
Enthusiast

iptables Restart Required after Patching 3.0.1 with May and July Patches

I realize that we should be putting on September patches now, but our release process is a bit behind right now. :)

We patched 6 of our ESX 3.0.1 servers to be current up through the July patches and had an interesting issue. It showed up as being unable to FTP to the host even though the firewall was configured to allow it. It was working prior to the patch run, but afterwards FTP connections would fail. The temporary fix was to restart iptables with no other changes to the ESX host. The hosts were rebooted after the patch run.

Is this a known issue? If so, do you know which of the patches would have caused it? I did look through the patch notes and did not see anything relating to firewall or iptables.

Thanks, Jim

Texiwill
Leadership

Hello,

Did you use service firewall restart or did you use service iptables restart? If you used the latter then quite a bit of the firewall is missing.

Restarting iptables using the first option is the right way to do things. If the XML files are messed up for some reason, perhaps third-party tools, then there is a chance the firewall will not load properly. I had this issue but it not only kept the firewall from running but hostd also died on me.

Best regards,

Edward L. Haletky, author of the forthcoming 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', publishing January 2008, (c) 2008 Pearson Education

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
