VMware Cloud Community
Figgis
Contributor

Firewall Ports on ESXi 5.0 hypervisor?

Hi,

I have a very basic setup of the free version of hypervisor 5.0 on which I'm running 3 VMs. On these VMs I have a couple of MySQL databases which I want accessible from the internet. My host machine sits behind a router with NAT built in. None of my databases or other apps I have running are accessible from the internet. I've checked everything I can and the only thing I can see that would be interfering with the communication is the built-in firewall on hypervisor. I can't see how you manually add ports to open on this firewall or even to switch it off completely. Could someone please suggest how I can open these ports or switch the firewall off please? The ports I need to open are 3306 and 1221.

0 Kudos
4 Replies
heldstma
Enthusiast

Hello. The system you will need to modify the firewall on is your MySQL server. The free ESXi hypervisor will have a network interface that will comprise your management interface, and virtual machine traffic will not use the IP address associated with your management interface.

When you connect using the vSphere Client to your ESXi host, is that IP address on the same subnet as your MySQL server?  I figure it is not since you are using NAT.

Here are a couple of questions:

* Can you ping the MySQL server?

* Is the MySQL server Linux?

* Can you SSH to the MySQL server via TCP port 22?

* Can you telnet to ports 3306 and 1221 while you are connected to the MySQL server (using either localhost or the host IP address)?

* If you can connect via localhost, but not the host IP address, are you sure the MySQL server is listening on 3306 and 1221 on the proper IP address?

netstat -an | grep 3306

netstat -an | grep 1221

These will show you if the public or private IP (or both) are listening.

Hope this helps!

Matt

0 Kudos
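The check described in the reply above, reading `netstat -an` output to see which local address each port is listening on, as an added example that is not part of the original thread. The sample output, the addresses in it and the function names are constructed for illustration; the parser assumes the Windows or Linux `netstat -an` column layout.

```python
import re

# Constructed sample of `netstat -an` output from a Windows guest (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1221         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3306      192.168.1.5:50211      ESTABLISHED
  TCP    192.168.1.20:3306      192.168.1.6:50987      ESTABLISHED
  UDP    0.0.0.0:1221           *:*
"""

WILDCARD = {"0.0.0.0", "::", "[::]", "*"}
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|::1|\[::1\])$")


def listeners(netstat_text, port):
    """Return the set of local addresses with a TCP listener on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows end with: Local Address, Foreign Address, State (Windows and Linux).
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        # ESTABLISHED rows also match a plain text search for the port; skip them.
        if not fields[-1].upper().startswith("LISTEN"):
            continue
        addr, _, local_port = fields[-3].rpartition(":")
        if local_port == str(port):
            found.add(addr)
    return found


def bind_scope(netstat_text, port):
    """Classify where the service on `port` accepts connections."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "not listening"
    if addrs & WILDCARD:
        return "all interfaces"
    if all(LOOPBACK.match(a) for a in addrs):
        return "loopback only"
    return "specific address: " + ", ".join(sorted(addrs))


if __name__ == "__main__":
    for p in (3306, 1221):
        print(p, bind_scope(SAMPLE, p))
```

A plain `grep` or `find` for the port number also matches rows for established connections, so the number of matching lines says less than the local address on the listening row.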
Figgis
Contributor

All machines are on the same subnet.

The firewall on the VM is switched off.

I can ping the VM from within the same subnet.

The VM is running Windows XP.

I cannot SSH to the VM but I can to the host.

I cannot telnet to the VM using any method at all. It states a connection could not be made on port 23.

I can connect to the MySQL DB from the same subnet but not from the internet (data is used on an external website).

Both of the netstat commands fail stating that grep is not a recognised program, batch file etc.

The only thing I can see that might make a difference is the firewall built into ESXi.

I appreciate your help.

0 Kudos
heldstma
Enthusiast

OK.  Some things to try:

When you ping the VM within the same subnet, are you pinging from a device outside of the ESX server?  Try that and see what happens.

Can you connect to the MySQL DB from the same subnet, but on a system outside the ESX host?

To telnet to a port other than TCP 23, you need to type "telnet hostname 3306" to try connecting to TCP 3306. If you get a blinking cursor, you have connectivity. If not, it will say it failed. When you get a blinking cursor, you need to type CTRL-] (Control, right square bracket) to disconnect.

Also, in Windows XP, you should be able to type netstat -an | find "3306" instead of grep (which is a Linux command).

0 Kudos
Figgis
Contributor

I can connect from an external machine from the same subnet.

When pinging it is from an external machine.

The telnet worked from within the VM.

The revised netstat command worked on both ports. However, the 3306 returned about 6 results but the 1221 only returned 1.

0 Kudos