Cannot access the ESXi GUI from an external network using iptables FORWARD on an RPI (extended)

Goal: connect to the VM GUI using a browser on PC 2 and PC 1. The topology is as follows.

VM (ESX Server) <--> (eth0)RPI(wlan0) <--> FunBox Router <--> ISP -- PC 2
                                             ^
                                          PC 1

• Here is part of the iptables configuration:

pi@readonly:/etc$ sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:170 to:192.168.2.83:22
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:171 to:192.168.2.83:80
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:8080
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:443
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:903

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0  

• Snippet of systemctl status:

 State: degraded
     Jobs: 0 queued
   Failed: 1 units
    Since: Thu 1970-01-01 01:00:02 BST; 49 years 1 months ago
   CGroup: /
           ├─user.slice
           │ └─user-1000.slice
           │   ├─user@1000.service
           │   │ └─init.scope
           │   │   ├─701 /lib/systemd/systemd --user
           │   │   └─704 (sd-pam)
           │   └─session-c1.scope
           │     ├─696 sshd: pi [priv]
           │     ├─711 sshd: pi@pts/0
           │     ├─714 -bash
           │     ├─797 systemctl status
           │     └─798 pager
           ├─init.scope
           │ └─1 /sbin/init
           └─system.slice
             ├─systemd-timesyncd.service
             │ └─267 /lib/systemd/systemd-timesyncd
             ├─dbus.service
             │ └─318 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
             ├─hciuart.service
             │ └─466 /usr/bin/hciattach /dev/serial1 bcm43xx 3000000 flow - b8:27:eb:30:50:9d
             ├─ssh.service
             │ └─616 /usr/sbin/sshd -D
             ├─dnsmasq.service
             │ └─625 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service
             ├─avahi-daemon.service
             │ ├─353 avahi-daemon: running [readonly.local]
             │ └─371 avahi-daemon: chroot helper
             ├─system-getty.slice
             │ └─getty@tty1.service
             │   └─611 /sbin/agetty --noclear tty1 linux
             ├─triggerhappy.service
             │ └─345 /usr/sbin/thd --triggers /etc/triggerhappy/triggers.d/ --socket /run/thd.socket --user nobody --deviceglob /dev/input/event*
             ├─systemd-logind.service
             │ └─339 /lib/systemd/systemd-logind
             ├─cron.service
             │ └─335 /usr/sbin/cron -f
             ├─systemd-udevd.service
             │ └─127 /lib/systemd/systemd-udevd
             ├─rsyslog.service
             │ └─317 /usr/sbin/rsyslogd -n
             ├─bluetooth.service
             │ └─472 /usr/lib/bluetooth/bluetoothd
             ├─networking.service
             │ ├─441 /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wlan0.pid -i wlan0 -D nl80211,wext -C /run/wpa_supplicant
             │ └─535 /sbin/dhclient -4 -v -pf /run/dhclient.wlan0.pid -lf /var/lib/dhcp/dhclient.wlan0.leases -I -df /var/lib/dhcp/dhclient6.wlan0.leases wlan0
             └─systemd-journald.service
               └─91 /lib/systemd/systemd-journald

• Another one:

pi@readonly:/etc$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

• ESXi SSH is accessible from PC 1 and PC 2 via port 22.

[SSH] Server Version OpenSSH_7.7
[SSH] Logged in (keyboard-interactive)

The time and date of this login have been sent to the system logs.

WARNING:
   All commands run on the ESXi shell are logged and may be included in
   support bundles. Do not provide passwords directly on the command line.
   Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools.  Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@vmbox:~] help

• Snippet of ifconfig on the RPI:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.1  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::ba27:ebff:fe9a:fa37  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:9a:fa:37  txqueuelen 1000  (Ethernet)
        RX packets 80  bytes 10371 (10.1 KiB)
        RX errors 0  dropped 10  overruns 0  frame 0
        TX packets 115  bytes 14448 (14.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 172  bytes 14220 (13.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 172  bytes 14220 (13.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.21  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::ba27:ebff:fecf:af62  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:cf:af:62  txqueuelen 1000  (Ethernet)
        RX packets 998  bytes 66198 (64.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 648  bytes 107537 (105.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

• The ESXi GUI cannot be accessed from PC 1 or PC 2.

• The ESXi interface is configured with DHCP, dhcpcd is set up on the RPI, an IP is assigned, and in ESXi I can see: To manage this host go to: http://192.168.2.83/

• Ability to ping PC 1 and PC 2 from ESXi

Question: how do I fix this so that the ESXi GUI can be accessed from PC 1 and PC 2?

Answer 1

There is a small mistake there. The list of ports required to manage ESXi shows 902/TCP, not 903/TCP.

In some cases 902/UDP may also be required.

See the VMware whitepaper "TCP and UDP Ports for the vSphere Client":

  • 443 (default): HTTPS access; vSphere Client access to vCenter Server; vSphere Client access to ESXi hosts; vSphere Client access to vSphere Update Manager. TCP incoming to the ESXi host.

  • 902 (default): vSphere Client access to the virtual machine console. TCP incoming to the ESXi host, TCP outgoing from the ESXi host, UDP outgoing from the ESXi host.
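Two things in the posted PREROUTING chain work against the goal: the 903 target that the answer corrects to 902, and the fact that three rules share dpt:172, so with iptables' first-match ordering only the 8080 forward can ever fire. The following is an added Python check (not code from the question or the answer) that parses `iptables -L -n -t nat` output, flags shadowed DNAT rules and lists the vSphere Client ports that no effective rule forwards; the sample chain is the one posted above, and the required-port set is assumed from the VMware list the answer cites.

```python
import re

# Constructed sample: the nat PREROUTING chain exactly as posted in the question.
NAT_PREROUTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:170 to:192.168.2.83:22
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:171 to:192.168.2.83:80
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:8080
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:443
DNAT       tcp  --  0.0.0.0/0            192.168.1.21         tcp dpt:172 to:192.168.2.83:903
"""

# Assumed required set: ports the vSphere Client needs on the ESXi host, per the VMware list in the answer.
REQUIRED_ESXI_PORTS = {("tcp", 443), ("tcp", 902)}

DNAT_RE = re.compile(
    r"^DNAT\s+(?P<proto>\w+)\s+--\s+\S+\s+(?P<dst>\S+)\s+\w+\s+dpt:(?P<dpt>\d+)"
    r"\s+to:(?P<to_ip>[\d.]+):(?P<to_port>\d+)"
)

def parse_dnat(output):
    """One dict per DNAT rule, in chain order (order matters: first match wins)."""
    rules = []
    for line in output.splitlines():
        m = DNAT_RE.match(line)
        if m:
            d = m.groupdict()
            rules.append({"proto": d["proto"], "dst": d["dst"], "dpt": int(d["dpt"]),
                          "to_ip": d["to_ip"], "to_port": int(d["to_port"])})
    return rules

def shadowed_indexes(rules):
    """Indexes of rules that never fire: an earlier rule already matches the same proto/dst/dpt."""
    seen, shadowed = set(), []
    for i, r in enumerate(rules):
        key = (r["proto"], r["dst"], r["dpt"])
        if key in seen:
            shadowed.append(i)
        seen.add(key)
    return shadowed

def missing_esxi_ports(rules, host):
    """Required ESXi ports that no effective (non-shadowed) DNAT rule forwards to `host`."""
    dead = set(shadowed_indexes(rules))
    reached = {(r["proto"], r["to_port"]) for i, r in enumerate(rules)
               if i not in dead and r["to_ip"] == host}
    return sorted(REQUIRED_ESXI_PORTS - reached)
```

Against the posted chain it reports the 443 and 903 rules as shadowed by the 8080 rule on external port 172, and 443/TCP and 902/TCP as not forwarded to 192.168.2.83. Giving each forward its own external port and pointing the console forward at 902 clears both findings.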
