How to add xRDP and XFCE4 to UFW rules?
I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
Then I installed an OpenVPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the UFW rules the whole IP range of my router's DHCP service and the 3389 port.
sudo ufw allow from 192.168.1.1 to 192.168.1.100
sudo ufw allow 3389
However, I was wondering if there is a way to set up a more restrictive rule for this purpose.
Thank you!
xfce remote-desktop ufw xrdp
asked Jan 29 '18 at 23:06
Tudor
1 Answer
I don't think those rules do what you think they do.
sudo ufw allow from 192.168.1.1 to 192.168.1.100
allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.
On the other hand,
sudo ufw allow 3389
will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.
Probably what you want is either
sudo ufw allow from 192.168.1.0/24 to any port 3389
or (slightly more restrictive)
sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp
which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:
$ sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 3389/tcp                   ALLOW IN    192.168.1.0/24
answered Jan 29 '18 at 23:56
steeldriver
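The audit script below is an added example, not part of the answer above: it reads ufw status text and flags the two over-broad rule shapes the answer describes (a rule with no port, and port 3389 open to any source). The function name audit_ufw_port and the sample status text are constructed for illustration, and the column layout is assumed to match the ufw status output shown in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): audit `ufw status` text for the
# two over-broad rule shapes discussed above. Reads the status output on stdin.
#   ANY-SOURCE <to>          : PORT is open to every remote address
#   ALL-PORTS  <to> from <x> : rule names no port, so every port/protocol is allowed
# Assumption: columns are laid out as "To  Action  From", as in the answer's listing.
audit_ufw_port() {
    awk -v port="$1" '
    {
        sub(/^\[ *[0-9]+\] */, "")          # drop the index added by "status numbered"
        a = 0
        for (i = 1; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
        if (a < 2) next                     # header, blank or non-ALLOW line
        from = $(a + 1)
        if (from == "IN") from = $(a + 2)   # numbered/verbose output prints "ALLOW IN"
        to = $1
        for (i = 2; i < a; i++) to = to " " $i
        last = a - 1
        if ($last == "(v6)") last--         # IPv6 twin of a rule carries a "(v6)" suffix
        spec = $last                        # "3389", "3389/tcp", or a bare address
        if (spec == "Anywhere" || spec ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
            print "ALL-PORTS " to " from " from
            next
        }
        split(spec, p, "/")
        if (p[1] == port && from == "Anywhere") print "ANY-SOURCE " to
    }'
}

# Constructed sample: the state left behind if the question's two rules are kept
# and the answer's subnet rule is simply added on top of them.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
192.168.1.100              ALLOW       192.168.1.1
3389                       ALLOW       Anywhere
3389/tcp                   ALLOW       192.168.1.0/24
3389 (v6)                  ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw_port 3389
```

On a live host, pipe the output of sudo ufw status into audit_ufw_port 3389 instead of the sample. A flagged rule can then be removed with ufw's delete form, for example sudo ufw delete allow 3389, so that only the subnet-scoped rule remains.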