> On 24 Oct 2023, at 15:14, Dan Ritter <d...@randomstring.org> wrote:
> 
> Henggi wrote: 
>> 
>>> On 24 Oct 2023, at 14:46, Dan Ritter <d...@randomstring.org> wrote:
>>> 
>> - when using "port=tcp://:3389" in xrdp.ini:
>> root@server:~# ss -tlnp | grep 3389
>> LISTEN 0      2                 0.0.0.0:3389       0.0.0.0:*    
>> users:(("xrdp",pid=96436,fd=11))
>> 
>> - when using "port=3389" in xrdp.ini:
>> root@mail:~# ss -tlnp | grep 3389
>> LISTEN 0      2                       *:3389             *:*    
>> users:(("xrdp",pid=202831,fd=11))
> 
> 
>> -> either way behaviour is the same, tcp connection works from localhost but 
>> not from other host.
> 
> Note that "0.0.0.0" means IPv4 only, and * means v4 and v6 will
> be accepted.
I know… however, the reason why I pointed out the port config from xrdp.ini in 
the 1st place is that (according to "netstat -tulpn") xrdp configured for * (to 
listen on tcp4 && tcp6) does ONLY listen on tcp6 but not tcp4.

- when using "port=3389" in xrdp.ini:
root@server:~# netstat -tulpn |grep -i rdp
tcp6       0      0 :::3389                 :::*                    LISTEN      
202831/xrdp
tcp6       0      0 127.0.0.1:3350          :::*                    LISTEN      
202821/xrdp-sesman

- when using "port=tcp://:3389" in xrdp.ini:
root@server:~# netstat -tulpn |grep -i rdp
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      
204201/xrdp
tcp6       0      0 127.0.0.1:3350          :::*                    LISTEN      
204191/xrdp-sesman

> 
> Given the information that you have supplied, there is a packet
> dropping mechanism of some kind between your process on the
> other machine and this one. It could be on that other machine,
> on this machine, or in some network device between them.
My assumption too (unless it's a weird bug within the used pkg version of xrdp)… 
that's why I provided evidence of the cleared iptables & tcpdump before.
How to figure out where exactly the connection gets dropped (e.g. which process 
or kernel module is dropping it)?

> 
> Can you show that other ports on this machine are reachable from
> the other one? Say, 22?
client:~ user$ nc -zv 192.168.178.156 22
Connection to 192.168.178.156 port 22 [tcp/ssh] succeeded!
client:~ user$ nc -zv 192.168.178.156 25
Connection to 192.168.178.156 port 25 [tcp/smtp] succeeded!
client:~ user$ nc -zv 192.168.178.156 3389
nc: connectx to 192.168.178.156 port 3389 (tcp) failed: Operation timed out

> -dsr-
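
The address notation from Dan Ritter's note above, applied to the `ss -tlnp` lines quoted in this thread. This is an added example, not part of the original messages: the function names are hypothetical, the third sample row (`demo`, port 8080) is constructed, and reading `[::]` as an IPv6-only wildcard is an assumption about how `ss` prints such sockets.

```python
import re

# Constructed sample: the two `ss -tlnp` outputs quoted in the thread, with the
# wrapped "users:" continuation lines, plus one hypothetical v6-only listener.
SAMPLE = """\
LISTEN 0      2                 0.0.0.0:3389       0.0.0.0:*
users:(("xrdp",pid=96436,fd=11))
LISTEN 0      2                       *:3389             *:*
users:(("xrdp",pid=202831,fd=11))
LISTEN 0      128                  [::]:8080          [::]:*
users:(("demo",pid=4242,fd=3))
"""

# Wildcard local addresses as ss prints them ("[::]" is the assumed v6-only form).
SCOPE = {"0.0.0.0": "IPv4 only", "*": "IPv4 and IPv6", "[::]": "IPv6 only"}
USERS = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_listeners(text):
    """Return one dict per LISTEN socket: addr, port, scope, proc, pid."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "LISTEN" and len(fields) >= 5:
            addr, _, port = fields[3].rpartition(":")
            scope = SCOPE.get(addr)
            if scope is None:  # a specific address, e.g. 127.0.0.1 or [::1]
                fam = "IPv6" if addr.startswith("[") else "IPv4"
                scope = f"{fam}, {addr} only"
            rows.append({"addr": addr, "port": int(port), "scope": scope,
                         "proc": None, "pid": None})
        m = USERS.search(line)  # same line, or the wrapped continuation line
        if m and rows and rows[-1]["proc"] is None:
            rows[-1]["proc"], rows[-1]["pid"] = m.group(1), int(m.group(2))
    return rows

def accepts_ipv4(row):
    """True if the socket itself would accept a remote IPv4 client."""
    addr = row["addr"]
    if addr in ("0.0.0.0", "*"):
        return True
    return not addr.startswith("[") and not addr.startswith("127.")

if __name__ == "__main__":
    for r in parse_listeners(SAMPLE):
        print(f'{r["proc"]}({r["pid"]}) port {r["port"]}: {r["scope"]}, '
              f'remote IPv4 reachable: {accepts_ipv4(r)}')
```
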
