Installation guide

Prerequisites
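- Identify the ports for which you must configure the firewall. See "OS Provisioning Server Network
  Requirements" on page 172.
- Ensure that you do not accidentally lose your iptables changes. In the iptables-config file,
  determine whether IPTABLES_SAVE_ON_STOP or IPTABLES_SAVE_ON_RESTART is set to yes. If either is
  set to yes, the service writes the running rule set back to /etc/sysconfig/iptables when it stops
  or restarts, which overwrites manual edits to that file.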
Procedure
1. On the OS Provisioning Server, log in as root.
2. Change directory to /etc/sysconfig.
3. In the /etc/sysconfig directory, open the iptables file.
4. Add -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport <port number> -j ACCEPT
to the file to allow communication on the designated port.
See the following example, in which the added rule appears immediately before the final REJECT rule.
# Generated by iptables-save v1.3.5 on Fri Dec 3 14:51:10 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [468:43292]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport <port number> -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Dec 3 14:51:10 2010
5. Run the service iptables restart command to restart the iptables service.
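One way to script step 4 so that the new rule always lands above the chain's final REJECT rule (iptables evaluates rules in order, so an ACCEPT placed after the REJECT never matches). This is an added example, not part of the original guide; the function names add_port_rule and rule_precedes_reject and the .bak backup file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): insert an ACCEPT rule for one TCP port
# into an iptables-save format file, ahead of the chain's final REJECT rule.
# Function names and the ".bak" backup are assumptions for illustration.
# Usage (as root): add_port_rule /etc/sysconfig/iptables PORT

CHAIN="RH-Firewall-1-INPUT"

# add_port_rule FILE PORT
# Returns 0 if the rule was inserted, 2 if it was already present,
# 1 on invalid input or if the chain has no REJECT rule to anchor on.
add_port_rule() {
    file=$1 port=$2
    # Accept only a plain decimal port with no leading zero, in 1-65535.
    case $port in
        ''|0*|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -le 65535 ] 2>/dev/null || { echo "port out of range" >&2; return 1; }

    rule="-A $CHAIN -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"

    # Idempotent: do not add the same rule twice.
    if grep -qxF -- "$rule" "$file"; then return 2; fi

    # Refuse to edit a file that lacks the REJECT rule we insert before.
    grep -q -- "^-A $CHAIN -j REJECT" "$file" || {
        echo "no REJECT rule found in $CHAIN" >&2; return 1; }

    # Keep a backup, then rewrite in place (preserves owner and mode).
    cp -p -- "$file" "$file.bak" || return 1
    awk -v rule="$rule" -v anchor="-A $CHAIN -j REJECT" '
        !done && index($0, anchor) == 1 { print rule; done = 1 }
        { print }
    ' "$file.bak" > "$file"
}

# rule_precedes_reject FILE PORT
# Succeeds only if an ACCEPT rule for PORT sits above the chain's REJECT rule.
rule_precedes_reject() {
    awk -v chain="$CHAIN" -v port="$2" '
        index($0, "-A " chain " ") != 1 { next }
        / -j REJECT/ && !rej { rej = NR }
        $0 ~ ("--dport " port " -j ACCEPT$") && !acc { acc = NR }
        END { exit !(acc && rej && acc < rej) }
    ' "$1"
}
```

Run rule_precedes_reject against the file before step 5 to confirm the ordering; the rule set only takes effect after the service restart.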
vCenter Configuration Manager Advanced Installation Guide
VMware, Inc.