Reference Guide

10 No Restrictions | iDRAC Access via Host Operating System
3 iDRAC Access via Linux Operating Systems
When a valid listen port number is added, iSM adds DNAT and SNAT rules that redirect connections on the
user-configured listening port to iDRAC. If the listen port number is not specified, iSM configures this
feature using the IANA-granted port number “1266.” An additional NAT rule is added in the PREROUTING
chain to block incoming connections on the listening port. The administrator is expected to validate the
newly added NAT rules and delete the blocking rule to activate the iDRAC access feature via the host OS IP.
The blocking NAT rule is configured as mentioned below.
# iptables -t nat -L
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp dpt:<listen-port>
The rule can be removed with the following command:
iptables -t nat -D PREROUTING -p tcp --dport <listen-port> -j RETURN
These are the basic configurations required to access iDRAC interfaces through the OS. To access the iDRAC
GUI, use the following format in the browser: https://<host-name or OS-IP>:<listen-port>/login.html
NOTE: For details on how to configure SNAT and DNAT rules, refer to:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html
The configuration may vary based on the Linux distribution used.
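A read-only check an administrator could run before deleting the blocking rule, given here as an added example that is not part of the Dell guide or of iSM: it parses `iptables -t nat -S` output and reports whether the redirect for the listen port is restricted to a source range and whether a RETURN rule still precedes it. The guide does not show the exact rules iSM writes, so the sample rule layout and the 192.0.2.x addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Dell/iSM code. Read-only: it only parses rule listings.

# Constructed sample of `iptables -t nat -S` output. The rule layout and the
# 192.0.2.x addresses are assumptions; the rules iSM really writes may differ.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 1266 -j RETURN
-A PREROUTING -s 10.95.146.0/24 -p tcp -m tcp --dport 1266 -j DNAT --to-destination 192.0.2.10:443
-A POSTROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j SNAT --to-source 192.0.2.11
EOF
}

# audit_nat_rules PORT: read `iptables -t nat -S` output on stdin and print
#   NO_DNAT                                no redirect exists for PORT
#   DNAT_SOURCE=<cidr> | DNAT_ANY_SOURCE   which sources may use the redirect
#   BLOCKED | ACTIVE                       whether a RETURN still precedes it
audit_nat_rules() {
    awk -v port="$1" '
    $1 == "-A" && $2 == "PREROUTING" {
        n++                                  # position within PREROUTING
        dport = ""; src = ""; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-s")      src   = $(i + 1)
            if ($i == "-j")      tgt   = $(i + 1)
        }
        if (dport != port) next
        if (tgt == "RETURN" && !block) block = n
        if (tgt == "DNAT" && !dnat) { dnat = n; dsrc = src }
    }
    END {
        if (!dnat) { print "NO_DNAT"; exit }
        print (dsrc == "" ? "DNAT_ANY_SOURCE" : "DNAT_SOURCE=" dsrc)
        # A RETURN listed before the DNAT ends PREROUTING traversal first.
        print (block && block < dnat ? "BLOCKED" : "ACTIVE")
    }'
}

# Demo on the constructed sample; on a host, pipe `iptables -t nat -S` instead.
sample_rules | audit_nat_rules 1266
```

A `DNAT_ANY_SOURCE` result is the case to review before removing the RETURN rule, since the iDRAC login page would then be reachable from every network that can reach the host on the listen port.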
3.1 Configuration using Linux Command line
The administrator can enable or disable this feature using the Linux command-line executable provided
with the iDRAC Service Module. If this feature is already configured, it can also be disabled or modified
from the command line.
The Command Line Executable Name: Enable-iDRACAccessHostRoute.
The command
# /opt/dell/srvadmin/iSM/bin/Enable-iDRACAccessHostRoute
Usage
./Enable-iDRACAccessHostRoute <Enable-Flag> [ <source-port> <source-IP-range/source-ip-range-mask>]
Where:
<Enable-Flag>: Possible values are 0 for Disable and 1 for Enable
<source-IP-range>: Should be in the format <IP-Address/subnet-mask>. For example, 10.95.146.98/24