Hi list,

Completely stuck here, any clue appreciated!

Trying to bring up XRDP service on Debian 11-bullseye (arm64, incl. backports, fully up-to-date) which is only listening on "lo" interface (not eth0) even though netstat indicates otherwise:
-> incoming tcp syn/ack on localhost interface (lo) works fine
-> incoming tcp syn/ack on eth0 interface seems not to reach app listening process (while other services on same host are working just fine via the network - so it’s not a "physical" network issue).
-> iptables are cleared and not aware of any other netfilter running…

---------------------
- XRDP is listening on 3389:

root@server:~# netstat -tulpn |grep -i rdp
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 657/xrdp
tcp6 0 0 127.0.0.1:3350 :::* LISTEN 615/xrdp-sesman

---------------------
- using following XRDP pkg versions:

root@server:~# dpkg -l |grep -i rdp
ii xorgxrdp 1:0.2.17-1~bpo11+rpt1 arm64 Remote Desktop Protocol (RDP) modules for X.org
ii xrdp 0.9.21.1-1~deb11u1 arm64 Remote Desktop Protocol (RDP) server

---------------------
- TCP connection test from localhost to interface "lo" works fine:

root@server:~# nc -zv $(hostname -I) 3389
Connection to 192.168.178.156 3389 port [tcp/ms-wbt-server] succeeded!
root@server:~# nc -zv localhost 3389
Connection to localhost (127.0.0.1) 3389 port [tcp/ms-wbt-server] succeeded!

…these connections also appear in xrdp log
…tcpdump of lo interface (successful) of tcp-syn/ack attached as evidence

---------------------
- When trying same connection test from other host in same LAN it times out (again, other ports/services run just fine - so network itself is not the issue)

client:~ user$ nc -zv 192.168.178.156 3389
nc: connectx to 192.168.178.156 port 3389 (tcp) failed: Operation timed out

…while nothing is logged in xrdp log
...tcpdump of eth0 interface (failed) of tcp-syn (no tcp-ack) attached as evidence

---------------------
- iptables on server are cleared/open (firewalld or other firewall frameworks are not used/installed).
Evidence of cleared iptables (nft) and iptables-legacy attached.

---------------------
- tcpdump shows tcp-syn input on "eth0" but never ack’ while tcpdump on "lo" shows correct syn/ack on tcp connection test (see tcpdump output attached)

---------------------
- Observation on tcp listening behaviour from XRDP configuration in /etc/xrdp/xrdp.ini (file attached) — by default xrdp.ini listening config is set to "port=3389" (which is expected to listen on ipv4 && ipv6 in parallel as I understand). However using that seems only to listen on tcp4 according to "netstat" — therefore changed listening config to "port=tcp://:3389" (which is expected to listen on ip4/tcp only)… which seems to do that as per netstat output shown above
—> This isn’t necessarily an issue but since my issue is related to the listening on network interface I thought it’s worth pointing out this observation.

Thanks for any clue!

Best,
Henggi
root@server:~# tcpdump -i eth0 port 3389 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:35:47.373482 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011077615 ecr 0,sackOK,eol], length 0
15:35:48.374032 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011078615 ecr 0,sackOK,eol], length 0
15:35:49.374518 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011079616 ecr 0,sackOK,eol], length 0
15:35:50.376164 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011080617 ecr 0,sackOK,eol], length 0
15:35:51.376110 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011081617 ecr 0,sackOK,eol], length 0
15:35:52.376332 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011082617 ecr 0,sackOK,eol], length 0
15:35:54.376134 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4011084617 ecr 0,sackOK,eol], length 0
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
root@server:~# iptables -L -n -v
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
---
root@server:~# iptables -L -n -v -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
---
root@server:~# iptables-legacy -L -n -v
Chain INPUT (policy ACCEPT 26127 packets, 2616K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 22521 packets, 2432K bytes)
 pkts bytes target prot opt in out source destination
---
root@server:~# iptables-legacy -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
root@server:~# tcpdump -i lo port 3389 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes
15:31:12.181689 IP server.49226 > server.3389: Flags [S], seq 1253165152, win 65495, options [mss 65495,sackOK,TS val 358107563 ecr 0,nop,wscale 7], length 0
15:31:12.181745 IP server.3389 > server.49226: Flags [S.], seq 949267847, ack 1253165153, win 65483, options [mss 65495,sackOK,TS val 358107563 ecr 358107563,nop,wscale 7], length 0
15:31:12.181802 IP server.49226 > server.3389: Flags [.], ack 1, win 512, options [nop,nop,TS val 358107563 ecr 358107563], length 0
15:31:12.182888 IP server.49226 > server.3389: Flags [F.], seq 1, ack 1, win 512, options [nop,nop,TS val 358107564 ecr 358107563], length 0
15:31:12.183318 IP server.3389 > server.49226: Flags [.], ack 2, win 512, options [nop,nop,TS val 358107565 ecr 358107564], length 0
15:31:12.185739 IP server.3389 > server.49226: Flags [F.], seq 1, ack 2, win 512, options [nop,nop,TS val 358107567 ecr 358107564], length 0
15:31:12.185790 IP server.49226 > server.3389: Flags [.], ack 2, win 512, options [nop,nop,TS val 358107567 ecr 358107567], length 0
^C
7 packets captured
14 packets received by filter
0 packets dropped by kernel
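
Added example, not part of the original post: a shell/awk filter that reduces `tcpdump -n` text output like the two captures above to one line per client flow, counting SYNs, distinct SYN sequence numbers (one distinct value means retransmissions of a single attempt) and SYN-ACKs seen in reply. The function names and the abridged sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify TCP handshakes found in `tcpdump -n` text output.

# Reads tcpdump lines on stdin, prints one summary line per client flow.
summarize_handshakes() {
    awk '
    # Expected shape: <time> IP <src> > <dst>: Flags [<flags>], seq <n>, ...
    $2 == "IP" && $4 == ">" && $6 == "Flags" {
        src = $3
        dst = $5; sub(/:$/, "", dst)
        flags = substr($7, 2, length($7) - 3)   # "[S.]," -> "S."
        if (flags == "S") {                     # bare SYN from the client
            key = src " -> " dst
            if (!(key in syn)) order[++n] = key
            syn[key]++
            # Same sequence number again means a retransmitted SYN.
            if (!((key, $9) in seen)) { seen[key, $9] = 1; seqs[key]++ }
        } else if (flags == "S.") {             # SYN-ACK, credit reverse flow
            synack[dst " -> " src]++
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s syn=%d distinct_seq=%d synack=%d %s\n", k, syn[k],
                seqs[k], synack[k] + 0,
                (synack[k] > 0 ? "ANSWERED" : "UNANSWERED")
        }
    }'
}

# Constructed sample: lines abridged from the eth0 and lo captures in the post
# (TCP options removed, only the first packets kept).
sample_capture() {
    cat <<'EOF'
15:35:47.373482 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, length 0
15:35:48.374032 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, length 0
15:35:49.374518 IP client.54916 > server.3389: Flags [S], seq 3524300023, win 65535, length 0
15:31:12.181689 IP server.49226 > server.3389: Flags [S], seq 1253165152, win 65495, length 0
15:31:12.181745 IP server.3389 > server.49226: Flags [S.], seq 949267847, ack 1253165153, win 65483, length 0
15:31:12.181802 IP server.49226 > server.3389: Flags [.], ack 1, win 512, length 0
EOF
}

sample_capture | summarize_handshakes
```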