Unable to reach ESXi GUI from outside the network, using iptables FORWARD on RPI (Stretch)

Goal: to connect to the VM GUI using the browser of PC 2 and PC 1.
Here is the topology:



VM (ESX Server) <--> (eth0)RPI(wlan0) <--> FunBox Router <--> ISP -- PC 2
^
PC 1


• Here is the snippet from iptables:



pi@readonly:/etc$ sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:170 to:192.168.2.83:22
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:171 to:192.168.2.83:80
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:172 to:192.168.2.83:8080
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:172 to:192.168.2.83:443
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:172 to:192.168.2.83:903

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0


• Snippet of systemctl status:



 State: degraded
Jobs: 0 queued
Failed: 1 units
Since: Thu 1970-01-01 01:00:02 BST; 49 years 1 months ago
CGroup: /
├─user.slice
│ └─user-1000.slice
│ ├─user@1000.service
│ │ └─init.scope
│ │ ├─701 /lib/systemd/systemd --user
│ │ └─704 (sd-pam)
│ └─session-c1.scope
│ ├─696 sshd: pi [priv]
│ ├─711 sshd: pi@pts/0
│ ├─714 -bash
│ ├─797 systemctl status
│ └─798 pager
├─init.scope
│ └─1 /sbin/init
└─system.slice
├─systemd-timesyncd.service
│ └─267 /lib/systemd/systemd-timesyncd
├─dbus.service
│ └─318 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
├─hciuart.service
│ └─466 /usr/bin/hciattach /dev/serial1 bcm43xx 3000000 flow - b8:27:eb:30:50:9d
├─ssh.service
│ └─616 /usr/sbin/sshd -D
├─dnsmasq.service
│ └─625 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
├─avahi-daemon.service
│ ├─353 avahi-daemon: running [readonly.local]
│ └─371 avahi-daemon: chroot helper
├─system-getty.slice
│ └─getty@tty1.service
│ └─611 /sbin/agetty --noclear tty1 linux
├─triggerhappy.service
│ └─345 /usr/sbin/thd --triggers /etc/triggerhappy/triggers.d/ --socket /run/thd.socket --user nobody --deviceglob /dev/input/event*
├─systemd-logind.service
│ └─339 /lib/systemd/systemd-logind
├─cron.service
│ └─335 /usr/sbin/cron -f
├─systemd-udevd.service
│ └─127 /lib/systemd/systemd-udevd
├─rsyslog.service
│ └─317 /usr/sbin/rsyslogd -n
├─bluetooth.service
│ └─472 /usr/lib/bluetooth/bluetoothd
├─networking.service
│ ├─441 /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wlan0.pid -i wlan0 -D nl80211,wext -C /run/wpa_supplicant
│ └─535 /sbin/dhclient -4 -v -pf /run/dhclient.wlan0.pid -lf /var/lib/dhcp/dhclient.wlan0.leases -I -df /var/lib/dhcp/dhclient6.wlan0.leases wlan0
└─systemd-journald.service
└─91 /lib/systemd/systemd-journald


• Another snippet:



pi@readonly:/etc$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


• I am able to reach the ESXi SSH on port 22 from both PC 1 and PC 2:



[SSH] Server Version OpenSSH_7.7
[SSH] Logged in (keyboard-interactive)

The time and date of this login have been sent to the system logs.

WARNING:
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools. Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@vmbox:~] help


• Snippet of ifconfig on RPI:



eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::ba27:ebff:fe9a:fa37 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:9a:fa:37 txqueuelen 1000 (Ethernet)
RX packets 80 bytes 10371 (10.1 KiB)
RX errors 0 dropped 10 overruns 0 frame 0
TX packets 115 bytes 14448 (14.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 172 bytes 14220 (13.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 172 bytes 14220 (13.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::ba27:ebff:fecf:af62 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:cf:af:62 txqueuelen 1000 (Ethernet)
RX packets 998 bytes 66198 (64.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 648 bytes 107537 (105.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


• Not able to reach the ESXi GUI from either PC 1 or PC 2



• The ESXi interface is configured with DHCP, and on the RPI dhcpcd is set; the IP is assigned, and I am able to see:
To manage this host go to:
http://192.168.2.83/
on the ESXi.



• Able to ping PC 1 and PC 2 from ESXi



Question:
How can I fix this so that I can reach the ESXi GUI from PC 1 and PC 2?

Tags: debian iptables raspberry-pi
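iptables walks a chain top to bottom and DNAT is a terminating target, so when several rules share the same match only the first one is ever applied. The following check is an added example, not part of the original post: it scans `iptables -L -n -t nat` output for DNAT rules that repeat an earlier rule's match. The function name `shadowed_dnat` is hypothetical, and the sample input is the PREROUTING listing copied from the question.

```shell
#!/bin/sh
# Constructed sample input: the PREROUTING listing shown in the question.
NAT_LISTING='Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:170 to:192.168.2.83:22
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:171 to:192.168.2.83:80
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:172 to:192.168.2.83:8080
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:172 to:192.168.2.83:443
DNAT tcp -- 0.0.0.0/0 192.168.1.21 tcp dpt:172 to:192.168.2.83:903'

# shadowed_dnat (hypothetical helper): reads `iptables -L -n -t nat` output on
# stdin and prints one line for every DNAT rule whose match (chain, protocol,
# source, destination, destination port) repeats an earlier rule in that chain.
# Such a rule can never fire, because the earlier rule already rewrote the
# packet. Limits: only exact duplicates are detected, and plain -L output
# (without -v) hides in/out interfaces, so rules that differ only by
# interface are reported as well.
shadowed_dnat() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $1 == "DNAT" {
            dpt = ""; to = ""
            # Match options start after: target prot opt source destination
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i ~ /^to:/)  to  = substr($i, 4)
            }
            key = chain " " $2 " " $4 " " $5 " " dpt
            if (key in first)
                printf "%s dpt:%s to:%s shadowed_by:%s\n", chain, dpt, to, first[key]
            else
                first[key] = to
        }
    '
}

# Run the check on the sample. On a live host, pipe the real listing instead:
#   sudo iptables -L -n -t nat | shadowed_dnat
printf '%s\n' "$NAT_LISTING" | shadowed_dnat
```

For this listing the check reports the `to:192.168.2.83:443` and `to:192.168.2.83:903` rules as shadowed: traffic to port 172 is always rewritten to `192.168.2.83:8080`.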