Simplest way to allow RDP on Ubuntu network installation #13868
Version: 2.4.10
Installation Method: Network installation on Ubuntu (unsupported)
Description: configuration
Installation Type: Standalone
Location: cloud
Hardware Specs: Meets minimum requirements
CPU: 4
RAM: 16 GiB
Storage for /: 500 GB
Storage for /nsm: 150 GB
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues

Detail

Hello Security Onion,

I wanted to open a thread as my company has installed a dev implementation of Onion on one of our cloud Ubuntu servers (I understand that this version is not supported) and we have some questions about firewall configuration. Specifically, we have some users who need to log into this particular server via xRDP for work purposes and this access has been disrupted since we completed the network install of Onion. It is my understanding that Onion's firewall blocks RDP by default, and this is supported by the fact that xRDP seems to still be listening on the correct port and all the expected processes are running on the server in question.

I have read as much as I can in the existing documentation about the configuration of the firewall using hostgroups and portgroups, and I've successfully added our corporate CIDR block to at least one of the default hostgroups to allow access for that particular application. I have also defined customhostgroup0 and customportgroup0 to reflect our production CIDR block and the correct ports for RDP, respectively. However, I am somewhat confused about the correct application of these groups to the host firewall itself to allow for RDP access. How should I apply these rules to the firewall for our standalone instance so that users on our corporate network will be able to access this server via RDP as they could before the Onion network install?

Thank you very much for any help you can provide. Again I understand that our version of Onion is not supported per se, but I am hoping that there is an easy fix I have simply missed. Please let me know if you have any additional questions.
Replies: 1 comment 1 reply
If you've put the appropriate IP ranges into customhostgroup0, and the appropriate ports into customportgroup0, then the last step would be to put "customportgroup0" into this Configuration option:
firewall > role > standalone > chain > INPUT > hostgroups > customhostgroup0 > portgroups [adv]
Note that you'll need to enable advanced options to see it. After adding this configuration option, either click on Synchronize Grid under Options or wait fifteen minutes for the firewall rules to update.
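
The reason the reply's last step is needed, shown as an added example (not part of the thread and not Security Onion's own code): a simplified model in which a hostgroup and a portgroup have no effect until a role's chain maps one to the other. The nesting under `role` follows the setting path quoted above; the shape of `hostgroups` and `portgroups`, the CIDR `203.0.113.0/24` and port 3389/tcp are constructed assumptions.

```python
import ipaddress

# Constructed sample settings. The nesting under "role" follows the setting path
# quoted in the reply; the shape of "hostgroups"/"portgroups" is an assumption.
def build_config(with_role_mapping):
    cfg = {
        "hostgroups": {"customhostgroup0": ["203.0.113.0/24"]},  # placeholder CIDR
        "portgroups": {"customportgroup0": {"tcp": [3389]}},     # default RDP port
        "role": {"standalone": {"chain": {"INPUT": {"hostgroups": {}}}}},
    }
    if with_role_mapping:
        # The step from the reply: list the portgroup under the hostgroup
        # on the standalone role's INPUT chain.
        input_groups = cfg["role"]["standalone"]["chain"]["INPUT"]["hostgroups"]
        input_groups["customhostgroup0"] = {"portgroups": ["customportgroup0"]}
    return cfg

def is_allowed(cfg, role, chain, src_ip, proto, port):
    """True if a hostgroup -> portgroup mapping on the chain covers this packet."""
    src = ipaddress.ip_address(src_ip)
    mappings = cfg["role"][role]["chain"][chain]["hostgroups"]
    for hostgroup, entry in mappings.items():
        nets = cfg["hostgroups"].get(hostgroup, [])
        if not any(src in ipaddress.ip_network(n) for n in nets):
            continue  # source is not a member of this hostgroup
        for pg in entry.get("portgroups", []):
            if port in cfg["portgroups"].get(pg, {}).get(proto, []):
                return True
    return False  # no mapping ties this source to this port

if __name__ == "__main__":
    probes = [("203.0.113.25", 3389), ("198.51.100.7", 3389), ("203.0.113.25", 22)]
    for mapped in (False, True):
        cfg = build_config(mapped)
        print("role mapping applied:", mapped)
        for ip, port in probes:
            verdict = is_allowed(cfg, "standalone", "INPUT", ip, "tcp", port)
            print(f"  {ip} -> tcp/{port}: {'allow' if verdict else 'no match'}")
```

Keeping RDP in its own portgroup mapped only to the corporate hostgroup limits the opening to that one port from that one range.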