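Previously I used the web page to configure a rule allowing only 172.22.110.10 to access the web interface, which left my own machine unable to reach it. Fortunately SSH still worked, so the rule could be changed from the command line.
- View the command help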
[root@NODE12:~] esxcli --help
Usage: esxcli [options] {namespace}+ {cmd} [cmd options]
Options:
--formatter=FORMATTER
Override the formatter to use for a given command. Available formatter: keyvalue, xml, csv
--debug Enable debug or internal use options
--version Display version information for the script
-?, --help Display usage information for the script
Available Namespaces:
device Device manager commands
esxcli Commands that operate on the esxcli system itself allowing users to get additional information.
fcoe VMware FCOE commands.
graphics VMware graphics commands.
hardware VMKernel hardware properties and commands for configuring hardware.
iscsi VMware iSCSI commands.
network Operations that pertain to the maintenance of networking on an ESX host. This includes a wide variety of commands to manipulate virtual networking components
(vswitch, portgroup, etc) as well as local host IP, DNS and general host networking settings.
nvme VMware NVMe driver esxcli extensions
rdma Operations that pertain to remote direct memory access (RDMA) protocol stack on an ESX host.
sched VMKernel system properties and commands for configuring scheduling related functionality.
software Manage the ESXi software image and packages
storage VMware storage commands.
system VMKernel system properties and commands for configuring properties of the kernel core system and related system services.
vm A small number of operations that allow a user to Control Virtual Machine operations.
vsan VMware vSAN commands
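- Check the firewall status. It is enabled; turning the firewall off outright is not recommended, because that leaves the host open to attack.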
[root@NODE12:~] esxcli network firewall get
Default Action: DROP
Enabled: true
Loaded: true
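- List the allowed IP addresses of each firewall ruleset. The entry vSphereClient 172.22.110.10 is the rule configured earlier, which allows only that address to access the web interface.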
[root@NODE12:~] esxcli network firewall ruleset allowedip list
Ruleset Allowed IP Addresses
---------------------- --------------------
sshServer All
sshClient All
nfsClient All
nfs41Client All
dhcp All
dns All
snmp All
ntpClient All
CIMHttpServer All
CIMHttpsServer 172.22.110.0/24
CIMSLP All
iSCSI All
vpxHeartbeats All
updateManager All
faultTolerance All
webAccess All
vMotion All
vSphereClient 172.22.110.10
activeDirectoryAll All
NFC All
HBR All
ftpClient All
httpClient All
gdbserver All
DVFilter All
DHCPv6 All
DVSSync All
syslog All
WOL All
vSPC All
remoteSerialPort All
rdt All
cmmds All
rabbitmqproxy All
ipfam All
vvold All
iofiltervp All
esxupdate All
vit All
vsanEncryption All
pvrdma All
vic-engine All
vsanhealth-unicasttest All
- Add the local machine's IP address to the corresponding ruleset. -i gives the IP address to add and -r gives the ruleset to add it to.
[root@NODE12:~] esxcli network firewall ruleset allowedip add -i 172.22.110.20 -r vSphereClient
- Check that the rule has taken effect. The local machine's IP address now appears in the ruleset.
[root@NODE12:~] esxcli network firewall ruleset allowedip list
Ruleset Allowed IP Addresses
---------------------- -----------------------------
sshServer All
sshClient All
nfsClient All
nfs41Client All
dhcp All
dns All
snmp All
ntpClient All
CIMHttpServer All
CIMHttpsServer 172.22.190.0/24
CIMSLP All
iSCSI All
vpxHeartbeats All
updateManager All
faultTolerance All
webAccess All
vMotion All
vSphereClient 172.22.110.10, 172.22.110.20
activeDirectoryAll All
NFC All
HBR All
ftpClient All
httpClient All
gdbserver All
DVFilter All
DHCPv6 All
DVSSync All
syslog All
WOL All
vSPC All
remoteSerialPort All
rdt All
cmmds All
rabbitmqproxy All
ipfam All
vvold All
iofiltervp All
esxupdate All
vit All
vsanEncryption All
pvrdma All
vic-engine All
vsanhealth-unicasttest All
- Verify by accessing the web interface: it works.
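The lockout above comes from the client address not being covered by the vSphereClient allowed-IP list. The following added example (not part of the original post) parses a listing in the format shown above and reports whether a given client IP is covered by a ruleset, handling All, single addresses and CIDR ranges. The function names ip2int, in_entry and is_allowed are hypothetical, the sample listing is constructed, and the script assumes IPv4 and a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example (not from the original post). IPv4 only.
# Assumes the shell does 64-bit arithmetic (bash and dash do).

# Constructed sample in the shape of `esxcli network firewall ruleset allowedip list`.
SAMPLE='Ruleset                 Allowed IP Addresses
----------------------  --------------------
sshServer               All
CIMHttpsServer          172.22.110.0/24
vSphereClient           172.22.110.10, 172.22.110.20'

# ip2int A.B.C.D: print the address as an integer.
ip2int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_entry IP ENTRY: succeed if IP is covered by ENTRY (All, one address, or CIDR).
in_entry() {
    case $2 in
        All) return 0 ;;
        */*) mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
             [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# is_allowed RULESET IP: listing on stdin. 0 = allowed, 1 = not allowed, 2 = no such ruleset.
is_allowed() {
    entries=$(awk -v r="$1" '$1 == r { sub(/^[^ ]+ +/, ""); print; f = 1 }
                             END { exit !f }') || return 2
    for e in $(echo "$entries" | tr ',' ' '); do
        in_entry "$2" "$e" && return 0
    done
    return 1
}

# Demo: would these clients still reach the vSphereClient ruleset?
for ip in 172.22.110.20 172.22.110.30; do
    if printf '%s\n' "$SAMPLE" | is_allowed vSphereClient "$ip"; then
        echo "$ip: allowed"
    else
        echo "$ip: not allowed"
    fi
done
```

To check a real host, pipe the output of the allowedip list command into is_allowed in place of the sample.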
For more commands, see Baidu Zhidao.