How to add xRDP and XFCE4 o UFW rules?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







0















I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
Then I installed an open VPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the the UFW rules the whole IP range of my router's DHCP service and the 3389 port.



sudo ufw allow from 192.168.1.1 to 192.168.1.100
sudo ufw allow 3389


However, I was wondering if there is a way to set up a more restrictive rule for this purpose.



Thank you!










share|improve this question





























    0















    I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
    Then I installed an open VPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the the UFW rules the whole IP range of my router's DHCP service and the 3389 port.



    sudo ufw allow from 192.168.1.1 to 192.168.1.100
    sudo ufw allow 3389


    However, I was wondering if there is a way to set up a more restrictive rule for this purpose.



    Thank you!










    share|improve this question

























      0












      0








      0








      I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
      Then I installed an open VPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the the UFW rules the whole IP range of my router's DHCP service and the 3389 port.



      sudo ufw allow from 192.168.1.1 to 192.168.1.100
      sudo ufw allow 3389


      However, I was wondering if there is a way to set up a more restrictive rule for this purpose.



      Thank you!










      share|improve this question














      I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
      Then I installed an open VPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the the UFW rules the whole IP range of my router's DHCP service and the 3389 port.



      sudo ufw allow from 192.168.1.1 to 192.168.1.100
      sudo ufw allow 3389


      However, I was wondering if there is a way to set up a more restrictive rule for this purpose.



      Thank you!







      xfce remote-desktop ufw xrdp






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 29 '18 at 23:06









      TudorTudor

      111




      111






















          1 Answer
          1






          active

          oldest

          votes


















          0














          I don't think those rules do what you think they do.



          sudo ufw allow from 192.168.1.1 to 192.168.1.100


          allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.



          On the other hand,



          sudo ufw allow 3389


          will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.



          Probably what you want is either



          sudo ufw allow from 192.168.1.0/24 to any port 3389


          or (slightly more restrictive)



          sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp


          which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:



          $ sudo ufw status numbered
          Status: active

          To Action From
          -- ------ ----
          [ 1] 22/tcp ALLOW IN 192.168.1.0/24
          [ 2] 3389/tcp ALLOW IN 192.168.1.0/24





          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1001154%2fhow-to-add-xrdp-and-xfce4-o-ufw-rules%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            I don't think those rules do what you think they do.



            sudo ufw allow from 192.168.1.1 to 192.168.1.100


            allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.



            On the other hand,



            sudo ufw allow 3389


            will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.



            Probably what you want is either



            sudo ufw allow from 192.168.1.0/24 to any port 3389


            or (slightly more restrictive)



            sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp


            which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:



            $ sudo ufw status numbered
            Status: active

            To Action From
            -- ------ ----
            [ 1] 22/tcp ALLOW IN 192.168.1.0/24
            [ 2] 3389/tcp ALLOW IN 192.168.1.0/24





            share|improve this answer




























              0














              I don't think those rules do what you think they do.



              sudo ufw allow from 192.168.1.1 to 192.168.1.100


              allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.



              On the other hand,



              sudo ufw allow 3389


              will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.



              Probably what you want is either



              sudo ufw allow from 192.168.1.0/24 to any port 3389


              or (slightly more restrictive)



              sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp


              which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:



              $ sudo ufw status numbered
              Status: active

              To Action From
              -- ------ ----
              [ 1] 22/tcp ALLOW IN 192.168.1.0/24
              [ 2] 3389/tcp ALLOW IN 192.168.1.0/24





              share|improve this answer


























                0












                0








                0







                I don't think those rules do what you think they do.



                sudo ufw allow from 192.168.1.1 to 192.168.1.100


                allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.



                On the other hand,



                sudo ufw allow 3389


                will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.



                Probably what you want is either



                sudo ufw allow from 192.168.1.0/24 to any port 3389


                or (slightly more restrictive)



                sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp


                which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:



                $ sudo ufw status numbered
                Status: active

                To Action From
                -- ------ ----
                [ 1] 22/tcp ALLOW IN 192.168.1.0/24
                [ 2] 3389/tcp ALLOW IN 192.168.1.0/24





                share|improve this answer













                I don't think those rules do what you think they do.



                sudo ufw allow from 192.168.1.1 to 192.168.1.100


                allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.



                On the other hand,



                sudo ufw allow 3389


                will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.



                Probably what you want is either



                sudo ufw allow from 192.168.1.0/24 to any port 3389


                or (slightly more restrictive)



                sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp


                which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:



                $ sudo ufw status numbered
                Status: active

                To Action From
                -- ------ ----
                [ 1] 22/tcp ALLOW IN 192.168.1.0/24
                [ 2] 3389/tcp ALLOW IN 192.168.1.0/24






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jan 29 '18 at 23:56









                steeldriversteeldriver

                70.7k11115187




                70.7k11115187






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1001154%2fhow-to-add-xrdp-and-xfce4-o-ufw-rules%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    GameSpot

                    日野市

                    Tu-95轟炸機