VMware: How to add an RDP rule to the ESXi firewall via CLI

Sometimes I need to SSH jump to an ESXi host and tunnel RDP to an internal host across the SSH session.

Backup:
cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak

chmod 644 /etc/vmware/firewall/service.xml

chmod +t /etc/vmware/firewall/service.xml

Open service.xml in vi and enter the following towards the bottom (below service id 0037):

<!-- MY RDP -->
<service id='0038'>
  <id>myrdp</id>
  <rule>
    <direction>outbound</direction>
    <protocol>tcp</protocol>
    <porttype>dst</porttype>
    <port>3389</port>
  </rule>
  <enabled>false</enabled>
  <required>false</required>
</service>

chmod 444 /etc/vmware/firewall/service.xml

esxcli network firewall refresh

esxcli network firewall ruleset list

esxcli network firewall ruleset set -e true -r myrdp

Now feel free to RDP via the SSH tunnel. I usually disable the rule afterwards via:

esxcli network firewall ruleset set -e false -r myrdp
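
Added example (not from the original post): a pre-flight check for the edited service.xml, meant to be run before the firewall refresh, that catches typographic quotes pasted from a web page, a reused service id or name, and out-of-range ports. The ConfigRoot root element, the "existing" service and all three sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def check_service_xml(text):
    """Return a list of problems found in a service.xml document (empty = OK)."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # Typographic quotes or dashes pasted from a web page end up here.
        return [f"not well-formed XML: {exc}"]
    problems, seen_ids, seen_names = [], set(), set()
    for svc in root.iter("service"):
        sid = svc.get("id")
        name = (svc.findtext("id") or "").strip()
        label = f"service id={sid!r} name={name!r}"
        if not sid or sid in seen_ids:
            problems.append(f"{label}: missing or duplicate id attribute")
        if not name or name in seen_names:
            problems.append(f"{label}: missing or duplicate <id> name")
        seen_ids.add(sid)
        seen_names.add(name)
        for port in svc.iterfind("rule/port"):
            # A port is either a single number or a <begin>/<end> range.
            values = [child.text for child in port] or [port.text]
            for v in values:
                v = (v or "").strip()
                if not v.isdecimal() or not 1 <= int(v) <= 65535:
                    problems.append(f"{label}: bad port {v!r}")
    return problems

# Constructed sample: one pre-existing service plus the myrdp entry from the post.
GOOD = """<ConfigRoot>
  <service id='0037'><id>existing</id>
    <rule><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>8000</begin><end>8001</end></port></rule>
    <enabled>true</enabled><required>false</required></service>
  <service id='0038'><id>myrdp</id>
    <rule><direction>outbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>3389</port></rule>
    <enabled>false</enabled><required>false</required></service>
</ConfigRoot>"""
# Constructed failure cases: curly quotes around the id, and a reused service id.
PASTED = GOOD.replace("id='0038'", "id=\u20190038\u2032")
CLASH = GOOD.replace("0038", "0037")

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("pasted", PASTED), ("clash", CLASH)):
        print(name, check_service_xml(doc) or "OK")
```

If the check reports a problem, restore service.xml.bak or fix the entry before refreshing the firewall.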

Shadow an RDP session

I was working on migrating VMs via Hyper-V cluster failover remotely, and a colleague asked if there was a way to shadow. We both tried connecting to 1 host via LogMeIn with no luck. I searched and found a way to shadow via RDP.

1.) I was logged into the host via LogMeIn (could easily be RDP).
2.) I then created another domain admin user called test, since I was on as administrator. They logged into another host on the same network via LogMeIn as the test user.
3.) Then they RDP’d as the user test to the server I was logged into as administrator.
4.) I opened Remote Desktop Services Manager and looked to see the session number administrator was logged in as (it was session 3).
5.) They opened a command prompt (right-clicked, Run as administrator). In the command prompt they typed: shadow 3
6.) I was prompted “Do you want to relinquish control” which I did.
7.) They could then see my desktop and do whatever in it, but I couldn’t see
8.) I X’d out and reconnected and we were golden.
9.) + stops the shadow

For more info, see: http://support.microsoft.com/kb/278845
