I notice that the ports used by VI3.5 differ slightly from the ones used in VI3.x.
Can somebody give me a list of the ports used by VI3.5 and their purpose?
Thank you!
You might like this:
http://www.boche.net/blog/wp-content/uploads/2008/11/vmware_network_ports.pdf
Check out page 183 of - it lists all the ports necessary for management access -
If you find this or any other answer useful, please consider awarding points by marking the answer correct or helpful.
Hello,
Almost everything has moved to the reverse proxy, so in essence you may be able to get away with only NTP, SSH, and HTTPS being available. As of ESX v3.5 Update 2, port 902, for example, no longer needs to be open on your ESX firewall.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMware ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
SearchVMware Blog: http://itknowledgeexchange.techtarget.com/virtualization-pro/
Blue Gears Blogs - http://www.itworld.com/ and http://www.networkworld.com/community/haletky
As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization
The VMware Network Communications ESX 3.5 and VC 2.5 diagram is not correct according to the defaults of the standard ESX firewall settings (iptables -L), which show that the License Server TCP ports 27000 and 27010 are only allowed for outgoing traffic.
So the arrows should point ONLY out to the License Server, NOT both ways.
If you want to test this, try an nmap scan against an ESX server: nmap -sT -p 27000,27010
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on xxxxxxxxxxxxxx (xxx.xxx.xxx.xxx):
Port State Service
27000/tcp filtered unknown
27010/tcp filtered unknown
These are the standard results of iptables -L from the ESX service console:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
valid-tcp-flags tcp -- anywhere anywhere
valid-source-address !udp -- anywhere anywhere
valid-source-address-udp udp -- anywhere anywhere
valid-source-address tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
icmp-in icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:vmware-authd state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp dpt:svrloc
ACCEPT tcp -- anywhere anywhere tcp dpt:svrloc state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:5989 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:snmp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:5988 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:2301
ACCEPT tcp -- anywhere anywhere tcp dpt:2381
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
valid-tcp-flags tcp -- anywhere anywhere
icmp-out icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:domain
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:vmware-authd state NEW
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spt:svrloc
ACCEPT tcp -- anywhere anywhere tcp spt:svrloc state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:vmware-authd state NEW
ACCEPT udp -- anywhere anywhere udp dpt:snmptrap
ACCEPT udp -- anywhere anywhere udp dpt:902 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:27000 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:27010 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:402
ACCEPT tcp -- anywhere anywhere tcp dpt:280
ACCEPT tcp -- anywhere anywhere tcp dpt:4300
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain icmp-in (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
DROP all -- anywhere anywhere
Chain icmp-out (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
DROP all -- anywhere anywhere
Chain log-and-drop (7 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level debug tcp-options ip-options
DROP all -- anywhere anywhere
Chain valid-source-address (2 references)
target prot opt source destination
DROP all -- localhost.localdomain anywhere
DROP all -- 0.0.0.0/8 anywhere
DROP all -- anywhere 255.255.255.255
Chain valid-source-address-udp (1 references)
target prot opt source destination
DROP all -- localhost.localdomain anywhere
DROP all -- 0.0.0.0/8 anywhere
Chain valid-tcp-flags (2 references)
target prot opt source destination
log-and-drop tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
log-and-drop tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
log-and-drop tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
log-and-drop tcp -- anywhere anywhere tcp flags:ACK,URG/URG
log-and-drop tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
log-and-drop tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
log-and-drop tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
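As an added example that is not part of the thread or of VMware's own tooling: a small POSIX shell script that reads an `iptables -L` listing like the one posted above and reports, per port, whether the INPUT chain, the OUTPUT chain, or both ACCEPT it. The embedded listing is a constructed, trimmed copy of the posted output (swap in `iptables -L` captured on a real host); the function names `accepted_ports` and `port_direction` are this example's own. Running it shows 27000 and 27010 only in OUTPUT, which is consistent with the nmap result: with INPUT policy DROP, unsolicited SYNs to those ports get no answer, so nmap reports them as filtered.

```shell
#!/bin/sh
# Added example (not from the thread): summarise which destination ports an
# ESX service-console "iptables -L" listing ACCEPTs per chain, so that claims
# like "27000/27010 are outbound only" can be checked without reading every line.

# Constructed sample: a trimmed copy of the listing quoted in the thread.
# Replace it with `iptables -L` output captured from a real host.
RULES='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:vmware-authd state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:svrloc
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:vmware-authd state NEW
ACCEPT udp -- anywhere anywhere udp dpt:902 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:27000 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:27010 state NEW
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable'

# accepted_ports CHAIN: print "proto port" for every ACCEPT rule in CHAIN that
# names a destination port (dpt:/dpts:). Source-port-only rules (spt:) are
# ignored; service names such as "https" are printed as iptables -L shows them.
accepted_ports() {
  printf '%s\n' "$RULES" | awk -v want="$1" '
    /^Chain / { chain = $2; next }
    chain == want && $1 == "ACCEPT" {
      for (i = 1; i <= NF; i++)
        if ($i ~ /^dpts?:/) { sub(/^dpts?:/, "", $i); print $2, $i }
    }'
}

# port_direction PORT: "in", "out", "both" or "none", depending on which of
# INPUT and OUTPUT accept connections to PORT (a number or a service name).
port_direction() {
  n_in=$(accepted_ports INPUT  | awk -v p="$1" '$2 == p { n++ } END { print n + 0 }')
  n_out=$(accepted_ports OUTPUT | awk -v p="$1" '$2 == p { n++ } END { print n + 0 }')
  if   [ "$n_in" -gt 0 ] && [ "$n_out" -gt 0 ]; then echo both
  elif [ "$n_in" -gt 0 ];                        then echo in
  elif [ "$n_out" -gt 0 ];                       then echo out
  else                                                echo none
  fi
}

# Stand-alone run: the license-server ports come out as "out", which is why an
# external nmap -sT against them reports "filtered" (INPUT policy is DROP).
for p in 27000 27010 https vmware-authd ssh 902; do
  printf '%-13s %s\n' "$p" "$(port_direction "$p")"
done
```

Because the sample is `iptables -L` without `-n`, TCP 902 appears under its /etc/services name `vmware-authd` while the UDP rule keeps the bare number, so query the name for TCP and the number for UDP. The script only looks at top-level ACCEPT rules; it does not follow jumps into the `valid-*` chains, which in this listing only DROP.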
