Hello,
I've problems with securing my vSphere Hypervisor host machine. First I tried to change the default SSH port but couldn't find a way to do it with the vSphere Client. Then I made the change in the /etc/ssh/sshd_config file but it didn't work either. At last, I made it by editing the ports in the /etc/service file but then I couldn't find a way to allow the new port for inbound connections in the firewall settings. Now I can't access SSH because it's all blocked except the vSphere service ports and there is no way to open a new port or service.
vSphere Client has only on/off/IP settings in Security Profile in the Configurations tab, but I couldn't make those functions work either. I don't want everybody to see my Web Access screen when they type my IP address into their browser but I couldn't close that either. I unchecked vSphere Web Access in Firewall Properties but I can still see the web access screen from a remote computer.
It looks like I can't install any third-party software on vSphere either.
Is there a chance that I can configure my own settings, changing default ports on the firewall and getting some protection against brute force attacks? Am I looking for too much? I got dozens of brute force attacks on the SSH port in the last three days and I don't know how many I got on the vSphere Client port.
Thanks
Engin
Once you've changed the SSH port you'll need to create a custom firewall rule. See a how-to doc here: http://www.virtuallyghetto.com/2011/07/how-to-create-custom-firewall-rules-in.html
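The kind of custom rule the reply above refers to, as an added example that is not part of the original thread: a firewall service definition in the XML format that ESXi 5.x reads from /etc/vmware/firewall/. The ESXi version, the file name sshCustom.xml, the ruleset id sshCustom and port 2222 are assumptions chosen for illustration.

```xml
<!-- Assumed path: /etc/vmware/firewall/sshCustom.xml (file name is illustrative) -->
<!-- Defines one ruleset that opens a single inbound TCP port for the relocated SSH daemon. -->
<!-- A file copied here by hand is not kept across a reboot unless it is re-applied at boot. -->
<ConfigRoot>
  <service id='0000'>
    <!-- Ruleset name shown in Security Profile and in the esxcli ruleset list (assumed name) -->
    <id>sshCustom</id>
    <rule id='0000'>
      <!-- Only incoming connections to the host are matched -->
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <!-- dst: the port below is the destination port on the host -->
      <porttype>dst</porttype>
      <!-- Assumed new SSH port; must match the port sshd actually listens on -->
      <port>2222</port>
    </rule>
    <!-- Ruleset is active as soon as the firewall configuration is reloaded -->
    <enabled>true</enabled>
    <!-- false: the ruleset can still be switched off from the client -->
    <required>false</required>
  </service>
</ConfigRoot>
```

After saving the file, `esxcli network firewall refresh` reloads the rules and `esxcli network firewall ruleset list` shows whether the new ruleset is present. Once it is listed, the per-ruleset allowed-IP setting in Security Profile can limit the port to known management addresses, which narrows exposure to the brute-force attempts described in the question.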
Thanks,
Still have no idea about installing an iptables-based firewall, brute force or DDoS defender.
ESXi uses bits and pieces of Linux and other open source tools, but the kernel is not Linux based. Thus you can't install just any package on ESXi.