How to add xRDP and XFCE4 to UFW rules?

I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly!
Then I installed an OpenVPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the UFW rules the whole IP range of my router's DHCP service and the 3389 port.

sudo ufw allow from 192.168.1.1 to 192.168.1.100
sudo ufw allow 3389

However, I was wondering if there is a way to set up a more restrictive rule for this purpose.

Thank you!

asked Jan 29 at 23:06
Tudor

1 Answer

I don't think those rules do what you think they do.

sudo ufw allow from 192.168.1.1 to 192.168.1.100

allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.

On the other hand,

sudo ufw allow 3389

will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.

Probably what you want is either

sudo ufw allow from 192.168.1.0/24 to any port 3389

or (slightly more restrictive)

sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp

which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 3389/tcp                   ALLOW IN    192.168.1.0/24

answered Jan 29 at 23:56
steeldriver
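
The three cases the answer distinguishes (a rule with no port limit, a port open to any source, and a port open to any protocol) can be checked mechanically against `ufw status numbered` output. This is an added example, not part of the original answer; the function names `audit_rdp_rules` and `sample_status` and the sample status text are constructed for illustration, and the parser assumes IPv4 addresses and columns separated by two or more spaces.

```sh
#!/bin/sh
# Added example: audit `ufw status numbered` text for rules that expose RDP
# more widely than intended. Reads the status text on stdin.
# Assumes columns are separated by two or more spaces, as ufw prints them.
audit_rdp_rules() {
    awk -v port="${1:-3389}" '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/^\[ *[0-9]+\] */, "", line)       # drop the "[ N]" index
            split(line, col, "  +")                # To, Action, From
            to = col[1]; action = col[2]; from = col[3]
            if (action !~ /^ALLOW/) next
            # "To" is only an IPv4 address or Anywhere: no port limit at all
            if (to ~ "^([0-9]+[.][0-9.]+(/[0-9]+)?|Anywhere)$") {
                print "ALL-PORTS: " to " from " from; next
            }
            split(to, part, "[ /]")                # "3389/tcp", "3389 (v6)"
            if (part[1] != port) next
            if (from ~ /^Anywhere/)          print "OPEN-SOURCE: " to " from " from
            else if (index(to, "/tcp") == 0) print "ANY-PROTO: " to " from " from
        }'
}

# Constructed sample: the two rules from the question plus the answer's rules.
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 192.168.1.100              ALLOW IN    192.168.1.1
[ 2] 3389                       ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 4] 3389/tcp                   ALLOW IN    192.168.1.0/24
[ 5] 3389 (v6)                  ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_rdp_rules 3389
```

On a live host the input would come from `sudo ufw status numbered | audit_rdp_rules`; the rule numbers in that listing are the ones `sudo ufw delete` accepts for removing a flagged rule.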
