rrivett
04-08-2009, 11:12 AM
I recently encountered a problem that was traced to a firewall running on ESX 3.5. I used both the service console and the vi_client to interact with ESX. “chkconfig --list” showed that the Linux “iptables” firewall is OFF, and that the ESX “firewall” firewall service is ON. I used “/etc/init.d/firewall start | stop | status” to stop and start this service to troubleshoot the problem. I also used the “esxcfg-firewall” command to open the outbound port needed to correct a problem.
While digging into this topic, I read several documents that state that I need to use “iptables” commands to turn the ESX firewall off and on, and that there are other ties or linkages between “esxcfg-firewall” and “iptables”. However, I strictly used the above ESX commands.
Are the ESX commands that I used a bunch of “front-end” type interfaces for the Linux “iptables” firewall, or are “iptables” and “esxcfg-firewall” two totally separate and independent firewall services on an ESX 3.5 system?
If so, which one is better or which one should be used?
Ronald R. Rivett
Wyle Information Systems
NASA Glenn Research Center
Mail Stop 142-3
21000 Brookpark Road
Cleveland, Ohio 44135
phone: 216.433.3316
e-mail: Ronald.R.Rivett@nasa.gov