Skip to content

unblock

How to open up all ports on VMware ESXi 5, 5.1 & 5.5 to specific IP addresses or subnet

It a lab environment, and very limited production scenarios, it’s often very useful to open all ports, TCP and UDP, but only to certain IP addresses, subnets, or IP address ranges. I have found very little info on this specifically, so I thought I would whip up this guide so you know an easy way to open up all ports for specific addresses. This will work on VMware ESXi 5, 5.1 and 5.5 for sure, but it will most likely work for most versions of ESXi, although I have not tested it. Please let me know if the comments if you have luck on non 5.x versions, specifically 4.x and 6.x.

Basically, we are going to create 4 firewall rules, each does the following:

  • Open all UDP ports inbound (ports 1-60,000).
  • Open all UDP ports outbound (ports 1-60,000).
  • Open all TCP ports inbound (ports 1-60,000).
  • Open all TCP ports outbound (ports 1-60,000).

Once that’s done we’ll lock access down to a specific address(s) via the vSphere Client. First, go ahead and SSH into your ESXi host. Once you are at a command prompt you will need to edit /etc/vmware/firewall/service.xml. I prefer nano, but that’s not available on ESXi, so we have to use VI. First, lets make a backup of the file and change permissions so we can edit the file.

# cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
# chmod 644 /etc/vmware/firewall/service.xml
# chmod +t /etc/vmware/firewall/service.xml

Now we have a backup of the service.xml file, called service.xml.bak. We have also allowed writes to service.xml and toggled the sticky bit. Lets go ahead and open service.xml with vi.

# vi /etc/vmware/firewall/service.xml

The service.xml file is the main template for firewall rules, specifically pertaining to ports. It is what populates all of the available information on the Security Profile > Firewall tab in the vSphere Client. It is here we are going to add our four rules. If you are unfamiliar with vi, it can be a big confusing. Here are some pointers for you:

  • When you first enter vi, you cannot manipulate any text. to do so, hit the “i” key. This puts you in “insert” mode.
  • Once selecting “i” you can move about freely and add/edit at will.
  • After making all needed changes, press the “ESC” key, the “:” – This puts you in vi command mode.
  • At the “:” prompt, enter “w” (for write) and q (for quit) and then press enter. So it should look like this :wq
  • You have just saved and exited. That’s it. So, lets continue.

Click here to continue reading this tutorial