Hi. I have gotten Guac set up on a PC w/ VMware Workstation, using Ver 1.5.3, and also on a server at work, just to get the feel of all of the parts.

Now, moving on to how I’d like to productionalize this using VMware / Proxmox, I am pretty sure I have a “network” and “network routing issue” – I am sure my problem is getting guacd to “talk outside its hosting docker container management engine”. For our intended production use, I haven’t gotten things right.

My thought process is to use a docker network so that the MySQL server can be completely isolated on the host, the idea being I don’t want a port exposed, I just want guacamole / guacd to be able to talk to it. To that end, I have guacd on 192.168.10.3, mysql on 192.168.10.2, guacamole on 192.168.10.4 (the 192.168.10 is different from actual, the host IP is the same). I have used the cmd line parameter “-ip 192.168.10.X”, and then used the ENV variables on the guacamole startup so guacamole (web) can see the other two.

The host itself is on 10.120.33.X, and I can get to 10.120.33.X:8080 – so I have reachability to the guacamole web UI, can log in, etc. When I define a target that is on 10.120.33.X – like the SSH port for the guac container host, or an RDP target for Windows on 10.120.33.X – I get the “reconnect” message, and the Logs option tells me that the target does not respond, connection time out. As I am reading errors, it certainly looks like a routing issue; the guacd container doesn’t know how to get outside of Docker.

So the question is: if the host is on 10.120.33.X and it has a default gateway to other segments, how do I isolate, to the extent possible, guacd and mysql, while still allowing guacd to talk out (and what is the corresponding command line parameter)?

-- Don M -> www.blueteamhandbook.com Author.
