How to add xRDP and XFCE4 to UFW rules?




















I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
Then I installed an OpenVPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the UFW rules the whole IP range of my router's DHCP service and the 3389 port.



sudo ufw allow from 192.168.1.1 to 192.168.1.100
sudo ufw allow 3389


However, I was wondering if there is a way to set up a more restrictive rule for this purpose.



Thank you!










asked Jan 29 '18 at 23:06 by Tudor

          1 Answer
I don't think those rules do what you think they do.

sudo ufw allow from 192.168.1.1 to 192.168.1.100

allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.

On the other hand,

sudo ufw allow 3389

will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.

Probably what you want is either

sudo ufw allow from 192.168.1.0/24 to any port 3389

or (slightly more restrictive)

sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp

which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 3389/tcp                   ALLOW IN    192.168.1.0/24





answered Jan 29 '18 at 23:56 by steeldriver
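
The rule semantics described in the answer above, turned into a check (an added example, not part of the original answer). The helper name `audit_ufw_rdp` is hypothetical and both status listings are constructed samples; the function flags a bare address-to-address rule, port 3389 open to any source, and port 3389 without a `tcp` restriction.

```shell
#!/bin/sh
# Added example: flag the over-broad ufw rules discussed in the answer.
# audit_ufw_rdp is a hypothetical helper; it reads `ufw status` or
# `ufw status numbered` text on stdin and prints one finding per problem.
audit_ufw_rdp() {
  awk -F'  +' '
    /^ *--/   { in_rules = 1; next }   # rules follow the dashed header line
    !in_rules { next }
    {
      sub(/^\[ *[0-9]+\] /, "")        # drop the "[ 1] " prefix of numbered output
      if (NF < 3 || $2 !~ /^ALLOW/) next
      to = $1; from = $3
      # A bare address in "To" means every port and protocol is allowed.
      if (to ~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+(/[0-9]+)?$")
        print "ALL-PORTS: " from " -> " to " has no port or protocol"
      if (to ~ "^3389([ /]|$)") {
        if (from ~ /^Anywhere/) print "OPEN-RDP: 3389 reachable from " from
        if (to !~ "^3389/tcp")  print "ANY-PROTO: \"" to "\" is not limited to tcp"
      }
    }'
}

# Constructed sample: status after the two commands from the question.
sample_before() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
192.168.1.100              ALLOW       192.168.1.1
3389                       ALLOW       Anywhere
3389 (v6)                  ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: numbered status matching the listing in the answer.
sample_after() {
  cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 3389/tcp                   ALLOW IN    192.168.1.0/24
EOF
}

echo "before:"; sample_before | audit_ufw_rdp
echo "after:";  sample_after  | audit_ufw_rdp
```

On a real host the same function can be fed live output with `sudo ufw status | audit_ufw_rdp`.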
