guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: Gaucamole in front of NAT
Date Wed, 19 Dec 2018 06:02:47 GMT
On Tue, Dec 18, 2018 at 11:59 AM sciUser <shulbert@securitycentric.net>
wrote:

> Figure a picture is worth a thousand words.  The Green line is a windows
> RDP
> client connection.  The red line is trying to connect using Guacamole.  The
> Natter is set to forward all connections to the end point. So with this
> type
> of topology Guacamole is already in the same network so no need to know
> about the 11.11.11.x network since the Natter is acting as a router. With
> this in mind does the Guacd still need to know about the route?
>

It's the OS kernel / networking stack that needs to know about the route.
The existence/lack of such a route is outside the concern of guacd, but a
route does need to exist for things to work.

>From guacd's perspective, there is simply an IP address and TCP port. Just
like any other remote desktop client, guacd will ask the OS to establish an
outbound TCP connection to that address and port. Whether that succeeds
depends on whether the system is reachable (a route exists) from the
network of the server hosting guacd.

You mentioned in an older email that you were going to try obtaining a PCAP
of the connection failure to see what might be going wrong at the network
level. How did that go?

- Mike

Mime
View raw message