
Re: Network tcp/iptables issue with XRDP

> On 24 Oct 2023, at 15:14, Dan Ritter <dsr@randomstring.org> wrote:
> Henggi wrote: 
>>> On 24 Oct 2023, at 14:46, Dan Ritter <dsr@randomstring.org> wrote:
>> - when using „port=tcp://:3389“ in xrdp.ini:
>> root@server:~# ss -tlnp | grep 3389
>> LISTEN 0      2       *    users:(("xrdp",pid=96436,fd=11))
>> - when using „port=3389“ in xrdp.ini:
>> root@mail:~# ss -tlnp | grep 3389
>> LISTEN 0      2                       *:3389             *:*    users:(("xrdp",pid=202831,fd=11))
>> -> either way behaviour is the same, tcp connection works from localhost but not from other host.
> Note that "" means IPv4 only, and * means v4 and v6 will
> be accepted.
I know… however, the reason why I pointed out the port config from xrdp.ini in the 1st place is that (according to "netstat -tulpn") xrdp configured for * (to listen on tcp4 && tcp6) does ONLY listen on tcp6 but not tcp4.

- when using „port=3389“ in xrdp.ini:
root@server:~# netstat -tulpn |grep -i rdp
tcp6       0      0 :::3389                 :::*                    LISTEN      202831/xrdp
tcp6       0      0          :::*                    LISTEN      202821/xrdp-sesman

- when using „port=tcp://:3389“ in xrdp.ini:
root@server:~# netstat -tulpn |grep -i rdp
tcp        0      0  *               LISTEN      204201/xrdp
tcp6       0      0          :::*                    LISTEN      204191/xrdp-sesman

> Given the information that you have supplied, there is a packet
> dropping mechanism of some kind between your process on the
> other machine and this one. It could be on that other machine,
> on this machine, or in some network device between them.
My assumption too (unless it’s a weird bug within used pkg version of xrdp)… that's why I provided evidence of the cleared iptables & tcpdump before.
How to figure out where exactly the connection gets dropped (e.g. which process or kernel module is dropping it)?

> Can you show that other ports on this machine are reachable from
> the other one? Say, 22?
client:~ user$ nc -zv 22
Connection to port 22 [tcp/ssh] succeeded!
client:~ user$ nc -zv 25
Connection to port 25 [tcp/smtp] succeeded!
client:~ user$ nc -zv 3389
nc: connectx to port 3389 (tcp) failed: Operation timed out

> -dsr-
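
The netstat output quoted in this message shows a wildcard listener as a single tcp6 line. As an added example (not code from the thread or from xrdp), the Python sketch below tests how such a socket treats an IPv4 client on the local host, depending on the IPV6_V6ONLY option; the function name and the loopback test are assumptions made for illustration, and netstat does not show whether a given daemon sets that option.

```python
import socket


def v4_reaches_v6_listener(v6only):
    """Bind a TCP listener to [::] on an ephemeral port, then connect over IPv4.

    Returns True if 127.0.0.1 could connect, False if it could not, and
    None when this host cannot create an IPv6 wildcard listener at all.
    """
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None  # no IPv6 socket support on this host
    with srv:
        try:
            # Per-socket counterpart of the net.ipv6.bindv6only sysctl:
            # 0 = dual-stack (IPv4 arrives as ::ffff:a.b.c.d), 1 = IPv6 only.
            srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
            srv.bind(("::", 0))
        except OSError:
            return None
        srv.listen(1)
        port = srv.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(2)
            try:
                # The kernel completes the handshake for a listening socket,
                # so no accept() call is needed for connect() to succeed.
                cli.connect(("127.0.0.1", port))
                return True
            except OSError:
                return False


if __name__ == "__main__":
    for flag in (False, True):
        print(f"IPV6_V6ONLY={int(flag)} -> IPv4 client connected:",
              v4_reaches_v6_listener(flag))
```

Both sockets in this test would appear in netstat as a tcp6 line bound to `:::<port>`, so the listing alone does not tell the two cases apart.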
