When I try to open a range of ports with the command
esxcfg-firewall -o 2500-5000,udp,out,VeeamSCP
it panics
2008-01-16 13:23:18 (3031) ERROR: 'iptables /sbin/iptables -A OUTPUT -p udp --dport 2500-5000 -j ACCEPT' failed
2008-01-16 13:23:18 (3031) ERROR: Panic! Stack trace follows:
2008-01-16 13:23:18 (3031) ERROR: VMware::Panic VMware::Panic::DumpStackTrace in /usr/lib/vmware/esx-perl/perl5/site_perl/5.8.0/VMware/Panic.pm line 59
2008-01-16 13:23:18 (3031) ERROR: main VMware::Panic::Panic in /usr/sbin/esxcfg-firewall line 663
2008-01-16 13:23:18 (3031) ERROR: main main::IpTables in /usr/sbin/esxcfg-firewall line 494
2008-01-16 13:23:18 (3031) ERROR: main main::FWAddCustomPorts in /usr/sbin/esxcfg-firewall line 547
2008-01-16 13:23:18 (3031) ERROR: main main::FWLoad in /usr/sbin/esxcfg-firewall line 1041
2008-01-16 13:23:18 (3031) ERROR: Getopt::Long main::OpenPort in /usr/lib/perl5/5.8.0/Getopt/Long.pm line 478
2008-01-16 13:23:18 (3031) ERROR: Getopt::Long (eval) in /usr/lib/perl5/5.8.0/Getopt/Long.pm line 477
2008-01-16 13:23:18 (3031) ERROR: main Getopt::Long::GetOptions in /usr/sbin/esxcfg-firewall line 1133
2008-01-16 13:23:18 (3031) ERROR: Making panic callbacks...
2008-01-16 13:23:18 (3031) ERROR: Done, exiting with code -19. Goodbye!
But when querying the configuration I get
Opened ports:
VeeamSCP : port 2500-5000 udp.out
as a result.
Is this because the range is conflicting with the EMC AAM Client definition?
You should use a colon, not a dash, as a separator. Check my article:
http://www.yellow-bricks.com/2007/12/27/port-range-and-esxcfg-firewall/
Duncan
My virtualisation blog:
From a security point of view why would you open the whole range? If you right-click the server object in Veeam FastSCP, go to properties then the advanced tab you can narrow down the range of ports used to just one (I would suggest 2500 as it is the lower end of the range) then open only that port in the firewall.
Thanks,
esxcfg-firewall -o 2500:2510,tcp,in,VeeamSCP
did the trick (I also limited the port range in VeeamFastSCP accordingly).
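
Added example, not part of the thread and not VMware code: a small pre-check that turns a dash range into the colon form and refuses wide ranges before the spec reaches esxcfg-firewall, since the thread shows the dash entry was still listed after the panic. The names normalize_fw_spec, is_port and MAX_PORT_SPAN, and the default limit of 16 ports, are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of ESX: check an "esxcfg-firewall -o" spec first.
# normalize_fw_spec, is_port and MAX_PORT_SPAN are hypothetical names.

MAX_PORT_SPAN=${MAX_PORT_SPAN:-16}   # assumed site policy: widest range allowed

# True if $1 is a decimal port number 1-65535 without leading zeros.
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Print the spec with a colon-separated range, or fail with a reason on stderr.
normalize_fw_spec() {
    case "$1" in
        *,*,*,*,*) echo "too many fields: $1" >&2; return 1 ;;
        *,*,*,*)   ;;
        *)         echo "expected port,proto,dir,name: $1" >&2; return 1 ;;
    esac
    ports=${1%%,*}; rest=${1#*,}
    proto=${rest%%,*}; rest=${rest#*,}
    dir=${rest%%,*}; name=${rest#*,}

    # Accept "lo-hi" as input, but only ever emit "lo:hi" (the form iptables takes).
    case "$ports" in
        *-*) lo=${ports%%-*}; hi=${ports#*-} ;;
        *:*) lo=${ports%%:*}; hi=${ports#*:} ;;
        *)   lo=$ports; hi=$ports ;;
    esac
    is_port "$lo" && is_port "$hi" || { echo "bad port: $ports" >&2; return 1; }
    [ "$lo" -le "$hi" ] || { echo "range is reversed: $ports" >&2; return 1; }
    span=$((hi - lo + 1))
    [ "$span" -le "$MAX_PORT_SPAN" ] || {
        echo "range of $span ports exceeds limit of $MAX_PORT_SPAN" >&2; return 1; }

    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$dir" in in|out) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
    [ -n "$name" ] || { echo "missing service name" >&2; return 1; }

    if [ "$lo" -eq "$hi" ]; then ports=$lo; else ports="$lo:$hi"; fi
    echo "$ports,$proto,$dir,$name"
}

# Usage on the ESX service console:
#   spec=$(normalize_fw_spec "2500-2510,tcp,in,VeeamSCP") && esxcfg-firewall -o "$spec"
```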