Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com.INVALID> on 2020/01/20 08:30:33 UTC

firewall and guacamole

Hi,

I recently moved my Guacamole/guacd services, which were working fine in my LAN, to a server within a DMZ. Between this DMZ and where the backend RDP, VNC, telnet services are, there's a firewall I can control and another bridged firewall I do not have full access to.

From the client browser I can access Guacamole's web portal and authenticate via LDAP. I can see the list of connections for any given LDAP user (the LDAP connections go through the firewalls). However, whenever I try to connect to any backend server (RDP, telnet, whatever), they all fail with a timeout.

On the firewall I can control, I see no traffic from the Guacamole server in the DMZ.

On the Guacamole server itself, I can't see anything of interest.

 # /etc/init.d/guacd restart
 * Stopping guacd ...                                                     [ ok ]
 * Starting guacd ...
guacd[12215]: INFO:     Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[12215]: DEBUG:    Successfully bound socket to host 127.0.0.1, port 4822
guacd[12215]: DEBUG:    Exiting and passing control to PID 12216
guacd[12216]: DEBUG:    Exiting and passing control to PID 12217          [ ok ]

# netstat -n -a | grep 4822
tcp        0      0 127.0.0.1:4822          0.0.0.0:*               LISTEN

During a connection attempt:
# tcpdump -n -i lan port 4822
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
47 packets received by filter
0 packets dropped by kernel

# ps aux | grep guacd
guacd    22689  0.0  0.2  23000  9840 ?        S    09:26   0:00 /usr/sbin/guacd -p /run/guacd/guacd

# cat /run/guacd/guacd
22689

Nothing useful in either /var/log/messages or Catalina output.
I have log_level = trace in guacd.conf.

Isn't guacd responsible for connecting to the backend servers?
Shouldn't a tcpdump on source port 4822 show me at least a connection attempt?

When Guacamole was on a server within my LAN, I could see the guacd log messages connecting to so and so backend services.
Oddly enough, I see no such activity on the new system.

# grep guacd guacamole.properties
guacd-hostname: localhost
guacd-port: 4822

# cat guacd.conf
[daemon]
log_level = trace
[server]
bind_host = localhost

What can I try?

Vieri
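
Added example, not part of the original post: guacd accepts the web application's connections on port 4822 and opens its own outbound connections to each backend's service port, so a reachability check from the DMZ host has to target those ports. The sketch below probes every address a name resolves to and separates "timeout" (packet silently dropped) from "refused" (path works, nothing listening). The backend addresses are constructed placeholders; 3389 and 23 are the standard RDP and telnet ports and are assumed here.

```python
import errno
import socket

def classify(family, sockaddr, timeout=3.0):
    """Attempt one TCP connect and name the outcome."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sockaddr)
        return "open"
    except socket.timeout:
        return "timeout"   # no reply at all: SYN silently dropped on the path
    except ConnectionRefusedError:
        return "refused"   # a RST came back from the host or a rejecting firewall
    except OSError as e:
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))

def probe(host, port, timeout=3.0):
    """Probe every address the name resolves to; return {address: outcome}."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return {host: "unresolved"}
    return {sa[0]: classify(fam, sa, timeout) for fam, _, _, _, sa in infos}

if __name__ == "__main__":
    targets = [
        ("localhost", 4822),    # guacd-hostname / guacd-port from the post
        ("192.0.2.10", 3389),   # constructed RDP backend (documentation range)
        ("192.0.2.11", 23),     # constructed telnet backend
    ]
    for host, port in targets:
        for addr, outcome in probe(host, port).items():
            print(f"{host}:{port} via {addr} -> {outcome}")
```

`localhost` can resolve to both 127.0.0.1 and ::1, while the guacd log in the post shows a bind to 127.0.0.1 only, which is why each resolved address is reported separately.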
