The operating system on VMware ESX 3 is a stripped-down version of Linux. It has only the bare necessities for VMware to function. I wanted to configure a cron job to email the log file, but because sendmail is not installed, the mailto command did not work.
I decided to write a script to automatically upload the log file to an FTP server and then create a schedule on this FTP server to email the log. In order to get this script working I had to open up outbound traffic on the firewall of the VMware ESX server.
The first thing I did was to open the outbound ports for the FTP client. You must connect to the command line interface via SSH and log in as root. Then enter the commands below.
esxcfg-firewall --openPort 20,tcp,out,FTP
esxcfg-firewall --openPort 21,tcp,out,FTP
esxcfg-firewall --enableService ftpClient
I then proceeded to test the outbound FTP connection. The FTP authentication worked and I was connected to the remote server. But the ls, dir, and put commands would not work. This is because these commands use dynamic ports.
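To see why the login succeeds while ls, dir and put fail, the following added example (not from the original post) parses the server's passive-mode reply and checks the advertised data port against the two outbound ports opened above. It assumes the client uses passive mode; the server replies and the 192.0.2.10 address are constructed sample values.

```python
import re

# Outbound destination ports opened by the two --openPort rules above.
OPEN_OUTBOUND = {20, 21}

def parse_data_endpoint(reply, control_host):
    """Return (host, port) the client must connect to for the data channel.

    Handles the PASV reply (227, RFC 959) and the EPSV reply (229, RFC 2428).
    EPSV carries only a port, so the control connection's host is reused.
    """
    code = reply[:3]
    if code == "227":
        m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", reply)
        if not m:
            raise ValueError("malformed 227 reply")
        nums = [int(n) for n in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        # Port is sent as two bytes: high byte, low byte.
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    if code == "229":
        m = re.search(r"\((.)\1\1(\d{1,5})\1\)", reply)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError("malformed 229 reply")
        return control_host, int(m.group(2))
    raise ValueError("not a passive-mode reply")

def outbound_allowed(port, open_ports=OPEN_OUTBOUND):
    """True if an outbound connection to this destination port is permitted."""
    return port in open_ports

if __name__ == "__main__":
    server = "192.0.2.10"  # constructed documentation address
    print("control channel to port 21 allowed:", outbound_allowed(21))
    for reply in ("227 Entering Passive Mode (192,0,2,10,195,203)",   # constructed
                  "229 Entering Extended Passive Mode (|||6446|)"):   # constructed
        host, port = parse_data_endpoint(reply, server)
        print(f"data channel to {host}:{port} allowed:", outbound_allowed(port))
```

The data port is chosen by the server for each transfer, so a rule for a fixed destination port cannot cover it unless the server's passive port range is known and restricted.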
I had no choice but to disable all firewall policies for outbound connections to get the FTP client fully functional. Here is the VMware ESX command that will disable all outbound firewall policies.
You will get the warning message below after the above command is executed.
2009-08-24 14:52:53 (31448) WARN : Setting firewall default /firewall/blockOutgoing to 0