Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com.INVALID> on 2020/01/20 08:30:33 UTC
firewall and guacamole
Hi,
I recently moved my Guacamole/guacd services, which were working fine in my LAN, to a server within a DMZ. Between this DMZ and where the backend RDP, VNC, telnet services are, there's a firewall I can control and another bridged firewall I do not have full access to.
From the client browser I can access Guacamole's web portal and authenticate via LDAP. I can see the list of connections for any given LDAP user (the LDAP connections go through the firewalls). However, whenever I try to connect to any backend server (RDP, telnet, whatever), they all fail with a timeout.
On the firewall I can control, I see no traffic from the Guacamole server in the DMZ.
On the Guacamole server itself, I can't see anything of interest.
# /etc/init.d/guacd restart
* Stopping guacd ... [ ok ]
* Starting guacd ...
guacd[12215]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[12215]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[12215]: DEBUG: Exiting and passing control to PID 12216
guacd[12216]: DEBUG: Exiting and passing control to PID 12217 [ ok ]
# netstat -n -a | grep 4822
tcp 0 0 127.0.0.1:4822 0.0.0.0:* LISTEN
During a connection attempt:
# tcpdump -n -i lan port 4822
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
47 packets received by filter
0 packets dropped by kernel
# ps aux | grep guacd
guacd 22689 0.0 0.2 23000 9840 ? S 09:26 0:00 /usr/sbin/guacd -p /run/guacd/guacd
# cat /run/guacd/guacd
22689
Nothing useful in either /var/log/messages or Catalina output.
I have log_level = trace in guacd.conf.
Isn't guacd responsible for connecting to the backend servers?
Shouldn't a tcpdump on source port 4822 show me at least a connection attempt?
When Guacamole was on a server within my LAN, I could see the guacd log messages connecting to so and so backend services.
Oddly enough, I see no such activity on the new system.
# grep guacd guacamole.properties
guacd-hostname: localhost
guacd-port: 4822
# cat guacd.conf
[daemon]
log_level = trace
[server]
bind_host = localhost
What can I try?
Vieri
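An added illustration, not part of the original post and not Guacamole project code: with guacd-hostname set to localhost, the web application reaches guacd over the loopback interface, and guacd's own connections to backends go out to the backend service ports rather than port 4822. The script below derives the two matching tcpdump commands from guacamole.properties; the helper names, the loopback interface name "lo" and the backend ports 3389/5900/23 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the helper names,
# the constructed properties file, the Linux loopback name "lo", and backend
# ports 3389/5900/23 (RDP/VNC/telnet defaults).

# Print the value of one "key: value" entry from guacamole.properties.
prop() {  # usage: prop <file> <key>
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = $0; sub(/:.*$/, "", k); gsub(/[ \t]/, "", k)
            if (k == key && index($0, ":")) {
                v = $0; sub(/^[^:]*:/, "", v); gsub(/[ \t\r]/, "", v)
                print v; exit
            }
        }' "$1"
}

# True when the address never leaves the host, so no NIC capture will see it.
is_loopback() {
    case "$1" in
        localhost|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print two captures: web app -> guacd, and guacd -> backend services.
# A non-loopback guacd-hostname is assumed to be a different machine.
plan_captures() {  # usage: plan_captures <properties> <egress-iface> <port>...
    props=$1; iface=$2; shift 2
    host=$(prop "$props" guacd-hostname); host=${host:-localhost}
    port=$(prop "$props" guacd-port);     port=${port:-4822}
    if is_loopback "$host"; then ctl=lo; else ctl=$iface; fi
    echo "tcpdump -n -i $ctl tcp port $port"
    filter=""
    for p in "$@"; do filter="${filter:+$filter or }dst port $p"; done
    echo "tcpdump -n -i $iface 'tcp and ($filter)'"
}

# Constructed sample mirroring the settings quoted in the post.
sample=$(mktemp)
printf 'guacd-hostname: localhost\nguacd-port: 4822\n' > "$sample"
plan_captures "$sample" lan 3389 5900 23
rm -f "$sample"
```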