Mikrotik
kukuruku11, 2016-02-08 22:52:50

How to access ESXI via mikrotik?

Good day! Help deal with the problem. There is Mikrotik with a white ip 2.2.2.2, behind it is a server with an esxi hypervisor with a local ip 192.168.88.249. I want to reach the server while on the web on ports 80, 443, but setting up the firewall and filters did not lead to anything. Tell me, please, what I did not take into account.

Below is the NAT setting (forwarded ports 80, 443)

> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-wan

1 ;;; esxi
chain=dstnat action=dst-nat to-addresses=192.168.88.249 to-ports=80 protocol=tcp dst-address=2.2.2.2 in-interface=ether1-wan dst-port=80

2 ;;; esxi_https
chain=dstnat action=dst-nat to-addresses=192.168.88.249 to-ports=443 protocol=tcp dst-address=2.2.2.2 in-interface=ether1-wan dst-port=443

Filters (allowed passing traffic on ports 80, 443 and moved the rules higher, 2 and 3 in the list):

> /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; default configuration
chain=input action=accept protocol=icmp

1 ;;; default configuration
chain=input action=accept connection-state=established

2 chain=forward action=accept protocol=tcp dst-port=80

3 chain=forward action=accept protocol=tcp dst-port=443

4 ;;; default configuration
chain=input action=accept connection-state=related

5 ;;; default configuration
chain=input action=accept in-interface=ether1-wan

6 ;;; default configuration
chain=forward action=accept connection-state=established

7 ;;; default configuration
chain=forward action=accept connection-state=related

8 ;;; default configuration
chain=forward action=drop connection-state=invalid

9 chain=forward action=accept out-interface=ether1-wan

After the settings, respectively, access to the router via the web was lost, since it gave port 80 to the hypervisor. However, access to the hypervisor did not appear.
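
An added example, not part of the original post or the replies: a Python check over the rules printed in the question that lists which forwarded ports accept any source address, whether the input chain accepts everything arriving on WAN, and which chains have no final drop. The rule text is copied from the question; the function names and the `wan` parameter are assumptions of this example.

```python
# Added example: audit of the rules printed in the question.
# Rule text is copied from the question; ";;;" comment lines are dropped.
NAT = """\
chain=srcnat action=masquerade out-interface=ether1-wan
chain=dstnat action=dst-nat to-addresses=192.168.88.249 to-ports=80 protocol=tcp dst-address=2.2.2.2 in-interface=ether1-wan dst-port=80
chain=dstnat action=dst-nat to-addresses=192.168.88.249 to-ports=443 protocol=tcp dst-address=2.2.2.2 in-interface=ether1-wan dst-port=443
"""
FILTER = """\
chain=input action=accept protocol=icmp
chain=input action=accept connection-state=established
chain=forward action=accept protocol=tcp dst-port=80
chain=forward action=accept protocol=tcp dst-port=443
chain=input action=accept connection-state=related
chain=input action=accept in-interface=ether1-wan
chain=forward action=accept connection-state=established
chain=forward action=accept connection-state=related
chain=forward action=drop connection-state=invalid
chain=forward action=accept out-interface=ether1-wan
"""
SRC = ("src-address", "src-address-list")  # matchers that limit who may connect

def parse(text):
    """One dict of key=value matchers per non-empty rule line."""
    return [dict(kv.split("=", 1) for kv in line.split())
            for line in text.splitlines() if line.strip()]

def audit(nat_text, filter_text, wan="ether1-wan"):
    """Return findings about exposure; an empty list means nothing was flagged."""
    out = []
    for r in parse(nat_text):
        # A destination NAT rule without a source matcher forwards for any client.
        if r["chain"] == "dstnat" and not any(k in r for k in SRC):
            out.append(f"dstnat {r.get('dst-port')}->{r.get('to-addresses')}: any source")
    rules = parse(filter_text)
    for r in rules:
        # Accept on the WAN interface with no other matcher exposes router services.
        if r["chain"] == "input" and r["action"] == "accept" and \
                set(r) == {"chain", "action", "in-interface"} and r["in-interface"] == wan:
            out.append("input: accepts all traffic arriving on WAN")
    for chain in ("input", "forward"):
        # RouterOS accepts packets that match no rule, so a chain needs a final drop.
        if not any(r["chain"] == chain and r["action"] == "drop"
                   and set(r) <= {"chain", "action", "in-interface"} for r in rules):
            out.append(f"{chain}: no catch-all drop")
    return out

if __name__ == "__main__":
    print("\n".join(audit(NAT, FILTER)))
```

On the posted rules this reports five findings: both forwarded ports are open to any source, rule 5 accepts all input from WAN, and neither chain ends in a drop.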

6 answer(s)
oia, 2016-02-09
@oia

go to the configuration, firewall settings and you can see what ports you need
443 902 to manage VMware vSphere Client

LESHIY_ODESSA, 2016-02-10
@LESHIY_ODESSA

/ip firewall nat
add action=netmap chain=dstnat dst-port=80 protocol=tcp to-addresses=192.168.88.249 to-ports=80
add action=netmap chain=dstnat dst-port=443 protocol=tcp to-addresses=192.168.88.249 to-ports=443

That is, exclude in-interface and use netmap.
If it doesn't work, then something is wrong with ESXI.
You can also enable UPnP in Mikrotik.

Vladimir Kivva, 2016-02-09
@zionkv

Was at least one port from this Mikrotik previously forwarded correctly? I suspect that you are configuring it incorrectly. Try using netmap, and disable the 443rd and 80th in Mikrotik services or reassign them. Instead of the 80th, try any port from above, for reliability.

ASPI, 2016-02-10
@ASPI

ip -> services have www and www-ssl disabled

kukuruku11, 2016-02-09
@kukuruku11

I am ready to pay for the time spent to someone who will help me figure out the settings and tell me how to get access from the outside to ESXI hosts through Mikrotik.
An attempt to reach the hypervisor on port 80 is a minimum task, just to practice port forwarding and see how the hypervisor behind Mikrotik works.
In the end, I need ports for the hypervisor client to work and access to individual virtual servers using their ports.
According to the scheme: MT --- ESXI --- VPS1(port1), VPS2(port2) .... VPSx(portx). There is one white ip for everything.
Is this even possible?
Mail for communication [email protected]

MrSource, 2021-11-18
@MrSource

Greetings! kukuruku11 did you get access to ESXI? Please share your settings.
