VMware Cloud Community
dave012345
Enthusiast

how to open a port on VCSA 6.0?

I'm attempting to open a specific TCP port on the firewall on vCenter Server Appliance 6.0. I found the documentation here but it doesn't seem to allow me to specify a port. When I telnet to my VCSA from the specified IP address the port times out.

root@<server>:~ # telnet <vcsa> <tcp port>

Trying <vcsa>...

telnet: connect to address <vcsa>: Operation timed out

telnet: Unable to connect to remote host

Accepted Solutions
dave012345
Enthusiast

The trick turned out to be using the IPTABLES command

4 Replies
vNEX
Expert

Hi,

Which specific port can you not access? VCSA services are listening on the following ports:

VMware KB: Required ports for vCenter Server Appliance 5.x

If you want to verify which services are listening on which ports, use "lsof -i" in the VCSA console

or perform a remote scan with nmap, etc.


Regarding firewall configuration and defining which IPs/ports are allowed or not, refer to this KB:

VMware KB: Updating the vCenter Server Appliance (vCSA) firewall rules to DISA STIG compliance

If you found this or any other answer helpful, please consider awarding points (use the Correct or Helpful buttons).
Regards, P.

dave012345
Enthusiast

Trying to access port 10050.

The documentation you linked is for VCSA 5.1 and 5.5, not 6.0, but thanks though.

I can't really fathom that it's not possible to gain control over the firewall configuration. Then again it is hardened.

dave012345
Enthusiast

The trick turned out to be using the IPTABLES command

cans
Contributor

First, thanks for the tip! :)

But... it seems not to be persistent across reboot?

EDIT: perhaps adding a file with the right format in /etc/vmware/appliance/firewall/ should do the trick. Will try to test that.

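The iptables approach from the accepted answer, as an added example that is not part of the thread: it allows TCP port 10050 (the port named above) from a single source address and skips the insert when an identical rule already exists. The INPUT chain and the address 192.0.2.10 are assumptions; rules added this way exist only in the running kernel, which is consistent with the reboot behaviour noted in the last reply.

```sh
#!/bin/sh
# Added example (not from the thread): allow one TCP port from one source.
# Assumptions: rules go in the stock INPUT chain; 192.0.2.10 is a constructed
# monitoring-host address; 10050 is the port named in the thread.

IPTABLES="${IPTABLES:-iptables}"    # overridable so the logic can be tested

# Accept only a strict dotted-quad IPv4 address (no CIDR, no hostnames).
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Print the rule specification, or fail if port or source is malformed.
rule_spec() {
    port=$1 src=$2
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    valid_ipv4 "$src" || return 1
    printf '%s\n' "-p tcp -s $src --dport $port -j ACCEPT"
}

# Insert the rule at the top of INPUT unless an identical rule exists.
open_port() {
    spec=$(rule_spec "$1" "$2") || { echo "invalid port or source" >&2; return 2; }
    # $spec is left unquoted on purpose: it was validated above and must
    # split into separate iptables arguments.
    if $IPTABLES -C INPUT $spec 2>/dev/null; then
        echo "rule already present"
        return 0
    fi
    $IPTABLES -I INPUT 1 $spec
}

# Usage (as root): open_port 10050 192.0.2.10
```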