Buck - 2014-05-24

I'm not sure this is the most appropriate discussion to follow up on, but here goes anyway:

I had to do as follows, on an ESXi 5.5 host with firewalling enabled, to get it to work:

First, a huge thanks to Karim Elsatov, whose virtuallyhyper blog article I found google-cached, and that you can go read at

http://webcache.googleusercontent.com/search?q=cache:IUWVORx8xUAJ:http://virtuallyhyper.com/2013/01/connecting-to-a-vm-using-serial-port-over-the-network-with-moxa-device-server/+vmware+vspc+firewall

instead of bothering with the below readers'-digest version.

Second, I'm using the forked version of vSPC.py I found on github that I won't risk further insulting the community here at the original sourceforge project by mentioning further, but I thought I should stipulate that for the record (and it might also help make sense of the telnets:// reference below).

Lastly, enabling the checkbox for

Security Profile->Firewall->VM serial port connected to vSPC

in vCenter did not work. I verified using

    esxcli network firewall ruleset list

or whatever, and it did indeed say

    vSPC true

but when I'd check

    esxcli network ip connection list

it would show the outbound connection attempt to (the default vSPC.py port that I configured up the virtual serial devices to telnets:// to) port 13770 (from process vmx) stuck in SYN_SENT, and no packets from the ESX host would be seen while tcpdump-ing on the vSPC.py-running server. (As mentioned, I'm using a forked vSPC.py that supports telnet-over-SSL (telnets:// URL) connections, but I don't imagine that the SSL-ization was the problem.)

Maybe rebooting would have made it work, but that wasn't an option in this case, so ...

Like I said, I followed instructions I googled up at

http://webcache.googleusercontent.com/search?q=cache:IUWVORx8xUAJ:http://virtuallyhyper.com/2013/01/connecting-to-a-vm-using-serial-port-over-the-network-with-moxa-device-server/+vmware+vspc+firewall

(original no longer available, at least where google cached it from) and added an entry to the firewall explicitly for outbound connections to the vSPC.py listening TCP port by adding a <service> entry to /etc/vmware/firewall/service.xml, after the last one (

    <service id='0037'>
    ...
    </service>

, in my case), just before the closing

    </ConfigRoot>

, assigning it the next sequential id after the last one, a la

    <service id='0038'>
      <id>my-vSPC-13370</id>
      <rule id='0000'>
        <direction>outbound</direction>
        <protocol>tcp</protocol>
        <porttype>dst</porttype>
        <port>13370</port>
      </rule>
      <enabled>false</enabled>
      <required>false</required>
    </service>

using vi in the ESXi (SSH-connected) shell, a la

    cd /etc/vmware/firewall
    chmod u+w service.xml
    chmod +t service.xml
    vi service.xml

and then doing

    esxcli network firewall ruleset set -r my-vSPC-13370 -e true

Presto! Connections would then start working, and I could see my Linux kernel boot log messages in glorious 9600n8 bps. (Having configured up the Logging backend, I can grep the below, for example:

    % grep -i vmware /var/log/vspc/my-vm-name.log
    Hypervisor detected: VMware
    ACPI: SRAT 000000003fef1300 000B8 (v02 VMWARE MEMPLUG  06040000 VMW  00000001)
    ACPI: WAET 000000003fef12d8 00028 (v01 VMWARE VMW WAET 06040000 VMW  00000001)
    hdc: VMware Virtual IDE CDROM Drive, ATAPI CD/DVD-ROM drive

)
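The service.xml edit described in the post above can be done by script rather than by hand in vi. This is an added example, not part of the original post or of the vSPC.py project. It assumes Python 3 and works on a copy of the file; the function names and the two-service sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for /etc/vmware/firewall/service.xml (the real file has more services).
SAMPLE = """<ConfigRoot>
  <service id='0036'><id>example-a</id><enabled>true</enabled><required>false</required></service>
  <service id='0037'><id>example-b</id><enabled>false</enabled><required>false</required></service>
</ConfigRoot>"""

def next_service_id(root):
    """Next sequential 4-digit service id after the highest one present."""
    ids = [int(s.get("id")) for s in root.findall("service")]
    return "%04d" % (max(ids) + 1 if ids else 0)

def add_outbound_tcp_service(xml_text, name, port):
    """Return service.xml text with one outbound TCP dst-port ruleset appended."""
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range: %r" % (port,))
    root = ET.fromstring(xml_text)
    # Refuse to add a second ruleset with the same name (keeps reruns harmless).
    if any(s.findtext("id") == name for s in root.findall("service")):
        raise ValueError("ruleset %r already defined" % name)
    sid = next_service_id(root)
    svc = ET.SubElement(root, "service", {"id": sid})
    ET.SubElement(svc, "id").text = name
    rule = ET.SubElement(svc, "rule", {"id": "0000"})
    # Narrowest rule that covers the case in the post: outbound TCP to one port.
    for tag, value in (("direction", "outbound"), ("protocol", "tcp"),
                       ("porttype", "dst"), ("port", str(port))):
        ET.SubElement(rule, tag).text = value
    # Left disabled, as in the post; the ruleset is enabled with esxcli afterwards.
    ET.SubElement(svc, "enabled").text = "false"
    ET.SubElement(svc, "required").text = "false"
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(add_outbound_tcp_service(SAMPLE, "my-vSPC-13370", 13370))
```

Diff the output against the original before replacing it. `esxcli network firewall refresh` reloads the ruleset definitions after the file changes.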