
Unable to reach the ESXi GUI from outside the network; forwarding with iptables on an RPI (Stretch)

Unix & Linux user
Asked on 2019-02-15 21:18:47
1 answer, 134 views, 0 followers, 1 vote

Goal: connect to the VM from the browsers on PC 2 and PC 1, with the following topology:

VM (ESX Server) <--> (eth0)RPI(wlan0) <--> FunBox Router <--> ISP -- PC 2
                                             ^
                                          PC 1

Here is a snippet of iptables:

pi@readonly:/etc$ sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:170 to:192.168.2.83:22
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:171 to:192.168.2.83:80
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:8080
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:443
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:903

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0  

· systemctl status snippet:

 State: degraded
     Jobs: 0 queued
   Failed: 1 units
    Since: Thu 1970-01-01 01:00:02 BST; 49 years 1 months ago
   CGroup: /
           ├─user.slice
           │ └─user-1000.slice
           │   ├─user@1000.service
           │   │ └─init.scope
           │   │   ├─701 /lib/systemd/systemd --user
           │   │   └─704 (sd-pam)
           │   └─session-c1.scope
           │     ├─696 sshd: pi [priv]
           │     ├─711 sshd: pi@pts/0
           │     ├─714 -bash
           │     ├─797 systemctl status
           │     └─798 pager
           ├─init.scope
           │ └─1 /sbin/init
           └─system.slice
             ├─systemd-timesyncd.service
             │ └─267 /lib/systemd/systemd-timesyncd
             ├─dbus.service
             │ └─318 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
             ├─hciuart.service
             │ └─466 /usr/bin/hciattach /dev/serial1 bcm43xx 3000000 flow - b8:27:eb:30:50:9d
             ├─ssh.service
             │ └─616 /usr/sbin/sshd -D
             ├─dnsmasq.service
             │ └─625 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
             ├─avahi-daemon.service
             │ ├─353 avahi-daemon: running [readonly.local]
             │ └─371 avahi-daemon: chroot helper
             ├─system-getty.slice
             │ └─getty@tty1.service
             │   └─611 /sbin/agetty --noclear tty1 linux
             ├─triggerhappy.service
             │ └─345 /usr/sbin/thd --triggers /etc/triggerhappy/triggers.d/ --socket /run/thd.socket --user nobody --deviceglob /dev/input/event*
             ├─systemd-logind.service
             │ └─339 /lib/systemd/systemd-logind
             ├─cron.service
             │ └─335 /usr/sbin/cron -f
             ├─systemd-udevd.service
             │ └─127 /lib/systemd/systemd-udevd
             ├─rsyslog.service
             │ └─317 /usr/sbin/rsyslogd -n
             ├─bluetooth.service
             │ └─472 /usr/lib/bluetooth/bluetoothd
             ├─networking.service
             │ ├─441 /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wlan0.pid -i wlan0 -D nl80211,wext -C /run/wpa_supplicant
             │ └─535 /sbin/dhclient -4 -v -pf /run/dhclient.wlan0.pid -lf /var/lib/dhcp/dhclient.wlan0.leases -I -df /var/lib/dhcp/dhclient6.wlan0.leases wlan0
             └─systemd-journald.service
               └─91 /lib/systemd/systemd-journald

· Another snippet:

pi@readonly:/etc$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

· I am able to reach ESXi SSH on port 22 from PC 1 and PC 2:

[SSH] Server Version OpenSSH_7.7
[SSH] Logged in (keyboard-interactive)

The time and date of this login have been sent to the system logs.

WARNING:
   All commands run on the ESXi shell are logged and may be included in
   support bundles. Do not provide passwords directly on the command line.
   Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools.  Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@vmbox:~] help

· ifconfig snippet on the RPI:

eth0: flags=4163  mtu 1500
        inet 192.168.2.1  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::ba27:ebff:fe9a:fa37  prefixlen 64  scopeid 0x20
        ether b8:27:eb:9a:fa:37  txqueuelen 1000  (Ethernet)
        RX packets 80  bytes 10371 (10.1 KiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 115  bytes 14448 (14.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 172  bytes 14220 (13.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 172  bytes 14220 (13.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163  mtu 1500
        inet 192.168.1.21  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::ba27:ebff:fecf:af62  prefixlen 64  scopeid 0x20
        ether b8:27:eb:cf:af:62  txqueuelen 1000  (Ethernet)
        RX packets 998  bytes 66198 (64.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 648  bytes 107537 (105.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

· Unable to reach the ESXi GUI from PC 1 or PC 2

· The ESXi interface is configured for DHCP, and the RPI (with dhcpcd set up) assigns the IP; on ESXi I can see: To manage this host go to: http://192.168.2.83/

· Able to ping PC 1 and PC 2 from ESXi

Q: How do I fix this so that the ESXi GUI can be reached from PC 1 and PC 2?


1 answer

Unix & Linux user

Accepted answer

Posted on 2019-02-15 21:38:10

You have a small mistake in there. In the list of ports required to manage ESXi, it is 902/TCP, not 903/TCP.

In some cases you may also need 902/UDP.

See the VMware white paper, TCP and UDP ports for the vSphere Client:

  • 443 (default)

HTTPS access: vSphere Client access to vCenter Server; vSphere Client access to ESXi hosts; vSphere Client access to vSphere Update Manager. Incoming to ESXi hosts.

  • 902 (default)

vSphere Client access to virtual machine consoles: incoming TCP to ESXi hosts, outgoing TCP from ESXi hosts, outgoing UDP from ESXi hosts.

Votes: 2
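A way to check a NAT table like the one in the question before trusting it: this added Python script is not from the question, the answer, or VMware; it parses `iptables -L -n -t nat` output (the legacy iptables text format shown above is assumed), builds the effective mapping (PREROUTING is first-match, so a repeated external port such as the three `dpt:172` rules only ever hits the first rule), and reports which vSphere Client ports from the answer's list never reach the ESXi host, plus the 903 typo the answer points out.

```python
import re
from collections import Counter

# Ports the vSphere Client needs on the ESXi host, per the VMware list cited in the answer.
REQUIRED = {("tcp", 443), ("tcp", 902)}
OPTIONAL = {("udp", 902)}

# Matches one DNAT line of `iptables -L -n -t nat` output (legacy text format assumed).
DNAT_RE = re.compile(
    r"^DNAT\s+(?P<proto>tcp|udp)\s+--\s+\S+\s+\S+\s+(?:tcp|udp) dpt:(?P<ext>\d+)"
    r"\s+to:(?P<ip>[\d.]+):(?P<int>\d+)"
)

# The PREROUTING chain from the question, embedded here as the sample input.
SAMPLE_NAT = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:170 to:192.168.2.83:22
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:171 to:192.168.2.83:80
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:8080
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:443
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:903
"""

def parse_dnat(text):
    # Returns the DNAT rules in chain order as (proto, ext_port, int_ip, int_port).
    rules = []
    for line in text.splitlines():
        m = DNAT_RE.match(line.strip())
        if m:
            rules.append((m["proto"], int(m["ext"]), m["ip"], int(m["int"])))
    return rules

def audit(rules, esxi_ip):
    # Explains why the vSphere Client cannot reach esxi_ip through these rules.
    findings = []
    # PREROUTING is first-match: a later rule with the same external port never fires.
    effective = {}
    for proto, ext, ip, port in rules:
        effective.setdefault((proto, ext), (ip, port))
    reached = {(proto, port) for (proto, _), (ip, port) in effective.items() if ip == esxi_ip}
    for proto, port in sorted(REQUIRED - reached):
        findings.append(f"missing: nothing forwards to {esxi_ip}:{port}/{proto}")
    for proto, port in sorted(OPTIONAL - reached):
        findings.append(f"optional: {port}/{proto} not forwarded (some vSphere Client versions need it)")
    for (proto, ext), n in sorted(Counter((r[0], r[1]) for r in rules).items()):
        if n > 1:
            findings.append(f"shadowed: external port {ext}/{proto} appears in {n} rules; only the first is used")
    if any(ip == esxi_ip and port == 903 for _, _, ip, port in rules):
        findings.append("typo: 903/tcp is not an ESXi port; the virtual machine console uses 902/tcp")
    return findings
```

Running `audit(parse_dnat(SAMPLE_NAT), "192.168.2.83")` on the question's table reports 443/tcp and 902/tcp as unreachable, the shadowed port 172, and the 903 typo; a table with distinct external ports mapped to 443/tcp, 902/tcp and 902/udp returns no findings.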
Original page content provided by Unix & Linux. Translation supported by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://unix.stackexchange.com/questions/500949
