Dennis2
Contributor

esxcfg-firewall -o for port range panicking


When I try to open a range of ports with the command

esxcfg-firewall -o 2500-5000,udp,out,VeeamSCP

it panics

2008-01-16 13:23:18 (3031) ERROR: 'iptables /sbin/iptables -A OUTPUT -p udp --dport 2500-5000 -j ACCEPT' failed

2008-01-16 13:23:18 (3031) ERROR: Panic! Stack trace follows:

2008-01-16 13:23:18 (3031) ERROR: VMware::Panic VMware::Panic::DumpStackTrace in /usr/lib/vmware/esx-perl/perl5/site_perl/5.8.0/VMware/Panic.pm line 59

2008-01-16 13:23:18 (3031) ERROR: main VMware::Panic::Panic in /usr/sbin/esxcfg-firewall line 663

2008-01-16 13:23:18 (3031) ERROR: main main::IpTables in /usr/sbin/esxcfg-firewall line 494

2008-01-16 13:23:18 (3031) ERROR: main main::FWAddCustomPorts in /usr/sbin/esxcfg-firewall line 547

2008-01-16 13:23:18 (3031) ERROR: main main::FWLoad in /usr/sbin/esxcfg-firewall line 1041

2008-01-16 13:23:18 (3031) ERROR: Getopt::Long main::OpenPort in /usr/lib/perl5/5.8.0/Getopt/Long.pm line 478

2008-01-16 13:23:18 (3031) ERROR: Getopt::Long (eval) in /usr/lib/perl5/5.8.0/Getopt/Long.pm line 477

2008-01-16 13:23:18 (3031) ERROR: main Getopt::Long::GetOptions in /usr/sbin/esxcfg-firewall line 1133

2008-01-16 13:23:18 (3031) ERROR: Making panic callbacks...

2008-01-16 13:23:18 (3031) ERROR: Done, exiting with code -19. Goodbye!

But when querying the configuration I get

Opened ports:

VeeamSCP : port 2500-5000 udp.out

as a result.

Is this because the range is conflicting with the EMC AAM Client definition?


Accepted Solutions
depping
Leadership

You should use a colon, not a dash, as a separator. Check my article :)

http://www.yellow-bricks.com/2007/12/27/port-range-and-esxcfg-firewall/

Duncan

dfgl
Hot Shot

From a security point of view why would you open the whole range? If you right-click the server object in Veeam FastSCP, go to properties then the advanced tab you can narrow down the range of ports used to just one (I would suggest 2500 as it is the lower end of the range) then open only that port in the firewall.

Dennis2
Contributor

Thanks,

esxcfg-firewall -o 2500:2510,tcp,in,VeeamSCP

did the trick (I also limited the port range in VeeamFastSCP accordingly).

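Added example, not part of the original thread or of VMware's tooling: a POSIX shell pre-flight check for the `port,tcp|udp,in|out,name` argument discussed above, which rejects the dash-separated range before it reaches iptables and flags ranges wider than a local limit. The function names and the `MAX_WIDTH` limit are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check for the argument given to "esxcfg-firewall -o":
#   port[:port],tcp|udp,in|out,name
# MAX_WIDTH is a local policy limit assumed for this example; it is not an
# esxcfg-firewall setting.
MAX_WIDTH=${MAX_WIDTH:-16}

# Succeeds only for a decimal port number in 1..65535 without leading zeros.
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Prints the spec and returns 0 when it is safe to pass on.
# Returns 1 = malformed, 2 = dash used for a range, 3 = range too wide.
check_openport_spec() {
    old_ifs=$IFS
    IFS=,
    set -f              # no globbing while the spec is split on commas
    set -- $1
    set +f
    IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo "expected port,tcp|udp,in|out,name" >&2; return 1; }
    ports=$1 proto=$2 dir=$3 name=$4

    case "$ports" in
        *-*) echo "range needs a colon: $(printf %s "$ports" | tr - :)" >&2
             return 2 ;;
    esac
    lo=${ports%%:*}
    hi=${ports#*:}
    is_port "$lo" && is_port "$hi" && [ "$lo" -le "$hi" ] ||
        { echo "bad port or range: $ports" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$dir" in in|out) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
    [ -n "$name" ] || { echo "missing rule name" >&2; return 1; }

    width=$((hi - lo + 1))
    [ "$width" -le "$MAX_WIDTH" ] ||
        { echo "$ports opens $width ports (limit $MAX_WIDTH)" >&2; return 3; }
    echo "$ports,$proto,$dir,$name"
}
```

Only a spec that the function prints back should be handed to `esxcfg-firewall -o`; a return code of 3 is the cue to narrow the port range on the application side first, as suggested in the thread.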