Hi, I recently moved my Guacamole/guacd services, which were working fine in my LAN, to a server within a DMZ. Between this DMZ and where the backend RDP, VNC, telnet services are, there's a firewall I can control and another bridged firewall I do not have full access to.
From the client browser I can access Guacamole's web portal and authenticate via LDAP. I can see the list of connections for any given LDAP user (the LDAP connections go through the firewalls). However, whenever I try to connect to any backend server (RDP, telnet, whatever), they all fail with a timeout.

On the firewall I can control, I see no traffic from the Guacamole server in the DMZ. On the Guacamole server itself, I can't see anything of interest.

# /etc/init.d/guacd restart
 * Stopping guacd ... [ ok ]
 * Starting guacd ...
guacd[12215]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[12215]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[12215]: DEBUG: Exiting and passing control to PID 12216
guacd[12216]: DEBUG: Exiting and passing control to PID 12217
 [ ok ]

# netstat -n -a | grep 4822
tcp 0 0 127.0.0.1:4822 0.0.0.0:* LISTEN

During a connection attempt:

# tcpdump -n -i lan port 4822
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
47 packets received by filter
0 packets dropped by kernel

# ps aux | grep guacd
guacd 22689 0.0 0.2 23000 9840 ? S 09:26 0:00 /usr/sbin/guacd -p /run/guacd/guacd

# cat /run/guacd/guacd
22689

Nothing useful in both /var/log/messages and Catalina output. I have log_level = trace in guacd.conf.

Isn't guacd responsible for connecting to the backend servers? Shouldn't a tcpdump on source port 4822 show me at least a connection attempt?

When Guacamole was on a server within my LAN, I could see the guacd log messages connecting to so and so backend services. Oddly enough, I see no such activity on the new system.

# grep guacd guacamole.properties
guacd-hostname: localhost
guacd-port: 4822

# cat guacd.conf
[daemon]
log_level = trace
[server]
bind_host = localhost

What can I try?

Vieri
