Purpose
Resolution
- Open the required firewall ports. For more information, see User defined xml firewall configurations are not persistent across ESXi host reboots (2007381).
This example shows a rule set .xml file to open TCP, port 2222:SSH 2222 inbound tcp dst 2222 true false - Copy /etc/services to permanent storage (it can be on the same location as the firewall rules are stored, such as /vmfs/volumes/datastore1/hostname_etc/).
- Edit the copy of services on permanent storage to and change the port for SSH.
ssh 2222/tcp # SSH Remote Login Protocol
ssh 2222/udp # SSH Remote Login Protocol - Edit /etc/rc.local so the created files are copied back to host at boot time. These example lines would be added at the end of the file:
#Copy the new firewall rule from vmfs place holder to file system
cp /vmfs/volumes/datastore1/etc/ssh_2222.xml/etc/vmware/firewall/
#refresh firewall rules
esxcli network firewall refresh
#Copy the modified services file from vmfs place holder to file system
cp /vmfs/volumes/datastore1/etc/services/etc/services
#Restart inetd to get the changes
kill -HUP `cat /var/run/inetd.pid` - Reboot the host, and attempt to connect to the host on the chosen port to verify that the changes were successful.
Based on VMware KB 2011818
