Introduction
To enable SMTP outbound traffic on VMware ESXi, firewall rules must be properly configured. This guide explains how to create and configure a firewall rule for SMTP, ensure its persistence after a reboot, and restart firewall services.
1. Creating the Firewall Configuration File
Create the following file to define SMTP firewall rules:
vi /etc/vmware/firewall/smtp.xml
Add the following content:
<ConfigRoot>
    <service id='0033'>
        <id>smtp</id>
        <rule id='0000'>
            <direction>outbound</direction>
            <protocol>tcp</protocol>
            <porttype>dst</porttype>
            <port>25</port>
        </rule>
        <enabled>true</enabled>
        <required>false</required>
    </service>
</ConfigRoot>
2. Restarting Firewall Services
After creating the file, refresh the firewall configuration with the following command:
esxcli network firewall refresh
3. Ensuring Persistence After Reboot
To ensure the rule persists after a reboot, follow these steps:
- Copy smtp.xml to a persistent storage location.
- Edit the startup script using:
vi /etc/profile.local   # For ESXi 5.1
vi /etc/rc.local        # For ESXi 5.0
Add the following lines (replacing the source path with your storage location):
cp /vmfs/volumes/nas03.iscsi/firewall/smtp.xml /etc/vmware/firewall/smtp.xml
esxcli network firewall refresh
Note: On some systems, an SSH login may be required after a reboot to trigger the effect.
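The persistence step copies the ruleset from shared storage at every boot, so whatever that file contains becomes host firewall policy. The following added example (not part of the original guide) checks that the file still holds only the single outbound TCP/25 rule before installing it, then confirms the ruleset is enabled. The function names are hypothetical, and it assumes grep and tr are available in the host shell.

```shell
#!/bin/sh
# Added example, not from the original guide. SRC/DST default to the paths
# used above; all function names here are hypothetical.
SRC="${SRC:-/vmfs/volumes/nas03.iscsi/firewall/smtp.xml}"
DST="${DST:-/etc/vmware/firewall/smtp.xml}"

# count_tag FILE TAG: number of opening <TAG ...> elements in FILE.
# Splitting on '<' puts every tag on its own line, even in a one-line file.
count_tag() {
    tr '<' '\n' < "$1" | grep -c "^$2[ >]"
}

# has_elem FILE TAG VALUE: true if FILE contains <TAG>VALUE</TAG>.
has_elem() {
    tr '<' '\n' < "$1" | grep -q "^$2>$3\$"
}

# check_ruleset FILE: succeed only for one service with one outbound
# tcp dst-port-25 rule. Extra rules, ranges or inbound rules are rejected.
check_ruleset() {
    f="$1"
    [ -s "$f" ] || { echo "ruleset missing or empty: $f" >&2; return 1; }
    for tag in service rule direction protocol port; do
        [ "$(count_tag "$f" "$tag")" -eq 1 ] ||
            { echo "expected exactly one <$tag> in $f" >&2; return 1; }
    done
    has_elem "$f" id smtp &&
    has_elem "$f" direction outbound &&
    has_elem "$f" protocol tcp &&
    has_elem "$f" porttype dst &&
    has_elem "$f" port 25 ||
        { echo "unexpected rule content in $f" >&2; return 1; }
}

# install_ruleset: validate, copy, refresh, then verify the result.
# On any failure the existing firewall configuration is left untouched.
install_ruleset() {
    check_ruleset "$SRC" || return 1
    cp "$SRC" "$DST" || return 1
    esxcli network firewall refresh || return 1
    # Confirm the smtp ruleset was loaded and is enabled.
    esxcli network firewall ruleset list | grep -q '^smtp  *true' ||
        { echo "smtp ruleset not enabled after refresh" >&2; return 1; }
}
```

Calling install_ruleset from the startup script takes the place of the bare cp and refresh lines above.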
By following these steps, you can ensure that outbound SMTP traffic is allowed through the VMware ESXi firewall while maintaining persistence across reboots.
