
I'm new here and I've just installed and configured xRDP and XFCE4 on my Ubuntu 16 server so I can Remote Desktop from my Windows PC. Faizan Akram Dar's answer worked perfectly! Then I installed an OpenVPN server and followed the recommendations to activate the UFW firewall. And so the Remote Desktop no longer worked. I solved it by adding to the UFW rules the whole IP range of my router's DHCP service and the 3389 port.

sudo ufw allow from 192.168.1.1 to 192.168.1.100
sudo ufw allow 3389

However, I was wondering if there is a way to set up a more restrictive rule for this purpose.

Thank you!

Tudor

1 Answer


I don't think those rules do what you think they do.

sudo ufw allow from 192.168.1.1 to 192.168.1.100

allows connections to ANY port with ANY protocol FROM the single address 192.168.1.1 TO the single address 192.168.1.100 - unless your interface is actually configured on 192.168.1.100 and you have a client at 192.168.1.1 this will have no effect.

On the other hand,

sudo ufw allow 3389

will allow connections to port 3389 with ANY protocol from ANY remote address to ANY local interface.

Probably what you want is either

sudo ufw allow from 192.168.1.0/24 to any port 3389

or (slightly more restrictive)

sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp

which will allow any clients on the local CIDR subnet 192.168.1.1 to 192.168.1.254 to connect to the RDP port using TCP:

$ sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24            
[ 2] 3389/tcp                   ALLOW IN    192.168.1.0/24            
steeldriver
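The matching behaviour described in the answer above, as an added example that is not part of the original post: a small Python model of which packets each `ufw allow` rule from this thread would match. It covers only the rule syntax shown here, IPv4 only, and one rule in isolation (no rule ordering or default policy); the server address 192.168.1.50 and the client addresses are constructed sample values.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules quoted in this thread
R_PAIR = "sudo ufw allow from 192.168.1.1 to 192.168.1.100"
R_OPEN = "sudo ufw allow 3389"
R_LAN = "sudo ufw allow from 192.168.1.0/24 to any port 3389 proto tcp"

def parse_rule(text):
    """Parse the subset of 'ufw allow ...' syntax used in this thread."""
    words = text.split()
    words = words[words.index("allow") + 1:]
    rule = {"src": ANY, "dst": ANY, "port": None, "proto": None}
    if len(words) == 1:              # simple form: '3389' or '3389/tcp'
        port, _, proto = words[0].partition("/")
        rule["port"], rule["proto"] = int(port), proto or None
        return rule
    for key, val in zip(words[0::2], words[1::2]):   # full form: keyword/value pairs
        if key in ("from", "to"):
            if val != "any":         # a bare address parses as a /32 network
                rule["src" if key == "from" else "dst"] = ipaddress.ip_network(val)
        elif key == "port":
            rule["port"] = int(val)
        elif key == "proto":
            rule["proto"] = val
        else:
            raise ValueError("unsupported keyword: " + key)
    return rule

def allows(rule_text, src, dst, port, proto):
    """True if this single rule matches the packet (None means 'any')."""
    r = parse_rule(rule_text)
    return (ipaddress.ip_address(src) in r["src"]
            and ipaddress.ip_address(dst) in r["dst"]
            and r["port"] in (None, port)
            and r["proto"] in (None, proto))

if __name__ == "__main__":
    SERVER = "192.168.1.50"          # constructed: the xRDP host
    packets = [("192.168.1.23", "tcp"),   # constructed: LAN client
               ("192.168.1.23", "udp"),
               ("203.0.113.7", "tcp")]    # constructed: host outside the LAN
    for rule in (R_PAIR, R_OPEN, R_LAN):
        print(rule)
        for src, proto in packets:
            verdict = "ALLOW" if allows(rule, src, SERVER, 3389, proto) else "no match"
            print(f"  {src:>13} -> {SERVER}:3389/{proto}: {verdict}")
```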