Re: Network tcp/iptables issue with XRDP

To: Arno Lehmann <al@its-lehmann.de>
Cc: debian-user@lists.debian.org
Subject: Re: Network tcp/iptables issue with XRDP
From: Henggi <henggi667@me.com>
Date: Tue, 24 Oct 2023 16:19:09 +0200
Message-id: <[🔎] DCD5626A-CB21-4B4B-9A01-934D203CABEE@me.com>
In-reply-to: <[🔎] 5b0fb1dd-d038-4f14-87ca-7f3d62a9b689@its-lehmann.de>
References: <[🔎] 9F89AC01-77CF-4C50-BAB3-6F5A5D9082F4@gmail.com> <[🔎] 5b0fb1dd-d038-4f14-87ca-7f3d62a9b689@its-lehmann.de>

> On 24 Oct 2023, at 15:30, Arno Lehmann <al@its-lehmann.de> wrote:
> 
> Hi Henggi, all,
Hi Arno, thanks for your reply!
> 
> Am 24.10.2023 um 14:04 schrieb Henggi:
>> Hi list,
>> Completely stuck here, any clue appreciated!
>> Trying to bring up XRDP service on Debian 11-bullsyeye (arm64, incl. backports, fully up-to-date) which is only listening on „lo“ interface (not eth0) even netstat indicates otherwise:
>> -> incoming tcp syn/ack on localhost interfact (lo) works fine
>> -> incoming tcp syn/ack on eth0 interface seems not to reach app listening process (while other services on same host are working just fine via the network - so it’s not an „physical" network issue).
>> -> iptables are cleared and not aware of any other netfilter running…
> 
> I suggest to verify the other netfiler options.
> 
> Recently I encountered something similar, and my usual test for local firewall being active,
> 
> iptables -L -n
> 
> came back with policies "accept" all over the place, and no particular rules.
> 
> Took me a while to understand that firewalld can still do its job.
> 
> So, probably useful to check with
> 
> systemctl status firewalld
As I mentioned in my 1st email, I think (afaik) that no other netfitler module/service is running.

root@server:~# systemctl status firewalld
Unit firewalld.service could not be found.


However, then there are kernel modules loaded when looking for „net OR filter OR fire OR ip“ as followed (of which I assume are just loaded as part of the default base system but not doing anyhting - how to be sure of it):

root@server:~# lsmod |egrep -i "net|filter|fire|ip"
inet_diag              28672  1 tcp_diag
iptable_nat            16384  0
nf_nat                 49152  1 iptable_nat
iptable_filter         16384  0
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
nfnetlink              20480  1 nf_tables
ip_tables              32768  2 iptable_filter,iptable_nat
x_tables               53248  3 iptable_filter,ip_tables,iptable_nat
ipv6                  557056  20


> 
> and use firewallcmd in an appropriate manner, if you find that to be active.
> 
> Good luck!
> 
> Arno
> 
> -- 
> Arno Lehmann
> 
> IT-Service Lehmann
> Sandstr. 6, 49080 Osnabrück
>

Reply to:

Follow-Ups:
- Re: Network tcp/iptables issue with XRDP
  - From: Arno Lehmann <al@its-lehmann.de>

References:
- Network tcp/iptables issue with XRDP
  - From: Henggi <henggi667@gmail.com>
- Re: Network tcp/iptables issue with XRDP
  - From: Arno Lehmann <al@its-lehmann.de>

Prev by Date: Re: Network tcp/iptables issue with XRDP
Next by Date: Re: Which Network Controller Card handling Wi-Fi, Bluetooth, etc., connectivities, is GNU/Linux Approved/certified, and would be (1) compatible with my HP laptop's motherboard, and (2) could replace the "Network controller: Broadcom Inc. and subsidiaries BCM43142 802.11b/g/n (rev 01)"
Previous by thread: Re: Network tcp/iptables issue with XRDP
Next by thread: Re: Network tcp/iptables issue with XRDP
Index(es):
- Date
- Thread