[Solved] UFW Firewall and NoMachine


[Solved] UFW Firewall and NoMachine

Post by Laugh2 »

I'm trialing NoMachine as an alternative to Teamviewer to support my elderly mother's computer needs. So I'm trialing this using LM19.3 on VirtualBox. Very soon after installation I could access from computers both via the local address and via a VPN using the external IP and port. I set up Port Forwarding in the router to enable access from outside the local network.

However, as soon as I reactivated the firewall UFW on the host I ran into problems. I opened UFW to the ports concerned based on:
https://kifarunix.com/control-nomachine ... -firewall/
https://knowledgebase.nomachine.com/AR10R01099
https://www.linux.com/training-tutorial ... ewall-ufw/.

By default for NoMachine, UFW is configured as follows:

$ sudo ufw status verbose
[sudo] password for XXXX:               
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
4011:4999/udp              ALLOW IN    Anywhere                  
4000,4080,4443/tcp         ALLOW IN    Anywhere                  
4011:4999/udp (v6)         ALLOW IN    Anywhere (v6)             
4000,4080,4443/tcp (v6)    ALLOW IN    Anywhere (v6)
Now, although access is still possible locally using the Local IP address, once UFW is active NoMachine no longer provides an External IP address and access from outside the local network is no longer possible. If UFW is disabled then NoMachine again provides an External IP address (and port) and access is again possible from outside the local network.

Does someone know how to let NoMachine find an External IP while UFW is enabled? (And so allow access to the machine from other locations.)

Re: UFW Firewall and NoMachine

Post by Laugh2 »

I've also opened UFW for SSH but this still hasn't helped:

$ sudo ufw status verbose
[sudo] password for XXXX:               
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
4011:4999/udp              ALLOW IN    Anywhere                  
4000,4080,4443/tcp         ALLOW IN    Anywhere                  
22/tcp                     ALLOW IN    Anywhere                  
4011:4999/udp (v6)         ALLOW IN    Anywhere (v6)             
4000,4080,4443/tcp (v6)    ALLOW IN    Anywhere (v6)             
22/tcp (v6)                ALLOW IN    Anywhere (v6)
The "machine" concerned is LM19.3 (upgraded from LM19.1) running on VirtualBox 6.1.34 r150636 ( Qt5.12.8 ) all fully updated. Any thoughts, anyone?

Re: UFW Firewall and NoMachine

Post by deepakdeshp »

To eliminate the firewall as an issue, disable it completely temporarily and test.
If I have helped you solve a problem, please add [SOLVED] to your first post title, it helps other users looking for help.
Regards,
Deepak

Mint 21.1 Cinnamon 64 bit with AMD A6 / 8GB
Mint 21.1 Cinnamon AMD Ryzen3500U/8gb

Re: UFW Firewall and NoMachine

Post by Laugh2 »

deepakdeshp wrote: Wed Apr 27, 2022 7:48 pm To eliminate the firewall as an issue, disable it completely temporarily and test.
Yes, it does work fine when ufw is disabled e.g.:

sudo ufw disable
Without UFW there is no problem: NoMachine finds its external IP address and port, and also accessing from external locations works like a charm.

Re: UFW Firewall and NoMachine

Post by deepakdeshp »

Laugh2 wrote: Thu Apr 28, 2022 3:46 am
deepakdeshp wrote: Wed Apr 27, 2022 7:48 pm To eliminate the firewall as an issue, disable it completely temporarily and test.
Yes, it does work fine when ufw is disabled e.g.:

sudo ufw disable
Without UFW there is no problem: NoMachine finds its external IP address and port, and also accessing from external locations works like a charm.
That means your ufw rules aren't proper and have to be tweaked.

Re: UFW Firewall and NoMachine

Post by diabolicbg »

Laugh2 wrote: Thu Apr 28, 2022 3:46 am
deepakdeshp wrote: Wed Apr 27, 2022 7:48 pm To eliminate the firewall as an issue, disable it completely temporarily and test.
Yes, it does work fine when ufw is disabled e.g.:

sudo ufw disable
Without UFW there is no problem: NoMachine finds its external IP address and port, and also accessing from external locations works like a charm.
I don't mean anything bad about the Linux firewall, but writing rules probably requires well above average skill. I couldn't get the hang of it for using Kody.
But I'd recommend you try Portmaster, which although it's under testing, works beautifully and stably. I only have two instances where it blocked something I used /sites/ and which it no longer blocks once I set a domain rule.
And with Portmaster, creating rules is like child's play - simple and intuitive.
https://safing.io/portmaster/
- You see, in this world there are two kinds of people, my friend, those with loaded guns, and those who dig. You dig. - "The Good, the Bad and the Ugly"

Re: UFW Firewall and NoMachine

Post by Coggy »

At this stage I think it might be a good idea to have a close look at the network activity while the attempted connection fails.
This page https://linuxhint.com/check-my-ufw-log/ shows how to look at the ufw log, which with any luck will show which port is being blocked.

Failing that, running tcpdump to output a list of packets reaching the interface should show up a connection attempt that repeats and gets no reply.

Re: UFW Firewall and NoMachine

Post by Laugh2 »

Coggy wrote: Thu Apr 28, 2022 3:03 pm At this stage I think it might be a good idea to have a close look at the network activity while the attempted connection fails.
This page https://linuxhint.com/check-my-ufw-log/ shows how to look at the ufw log, which with any luck will show which port is being blocked.

Failing that, running tcpdump to output a list of packets reaching the interface should show up a connection attempt that repeats and gets no reply.
OK, here's UFW's log:

sudo tail -f /var/log/ufw.log
[sudo] password for richard:               
Apr 28 11:00:17 XXXX kernel: [ 1923.790115] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=21556 PROTO=UDP SPT=1900 DPT=41744 LEN=441 
Apr 28 11:00:20 XXXX kernel: [ 1926.749966] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=21969 PROTO=UDP SPT=1900 DPT=38258 LEN=441 
Apr 28 11:00:22 XXXX kernel: [ 1928.793155] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=23539 PROTO=UDP SPT=1900 DPT=41595 LEN=441 
Apr 29 09:19:43 XXXX kernel: [  522.798918] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57024 PROTO=TCP SPT=48631 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Apr 29 09:21:06 XXXX kernel: [  605.857730] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=50040 PROTO=UDP SPT=1900 DPT=57857 LEN=441 
Apr 29 09:30:08 XXXX kernel: [ 1148.363335] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=28864 PROTO=UDP SPT=1900 DPT=47416 LEN=441 
Apr 29 09:30:27 XXXX kernel: [ 1166.899217] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=50506 PROTO=TCP SPT=45906 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Apr 29 09:37:52 XXXX kernel: [ 1611.722694] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=47511 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Apr 29 09:39:11 XXXX kernel: [ 1691.032541] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=16236 PROTO=UDP SPT=1900 DPT=59829 LEN=441 
Apr 29 09:48:14 XXXX kernel: [ 2233.643204] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=XXXX DST=XXXX LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=19114 PROTO=UDP SPT=1900 DPT=40921 LEN=441
Hopefully this shines some light on the problem?

Re: UFW Firewall and NoMachine

Post by Termy »

Regarding SSH. The server (your mother's machine) needs the 'openssh-server' package installed. Minimally, it needs the service enabled and running (sudo systemctl enable --now ssh), and the server needs the SSH port you're using (default of 22, which you should never use) open for incoming connections to the target TCP port, assuming the server has the firewall (UFW) enabled, of course. The client (your machine) doesn't usually need to do anything special.

If you're having issues with a VirtualBox virtual machine, you might need to use a 'bridged' network connection; I do this a lot if I want to SSH into the VM from the host. To set this, refer to the networking settings of the VM.

Regarding the TeamViewer-like program, I have no idea, because I'm not familiar with it.
I'm also Terminalforlife on GitHub.

Re: UFW Firewall and NoMachine

Post by Laugh2 »

Termy wrote: Thu Apr 28, 2022 9:00 pm Regarding SSH. The server (your mother's machine) needs the 'openssh-server' package installed. Minimally, it needs the service enabled and running (sudo systemctl enable --now ssh), and the server needs the SSH port you're using (default of 22, which you should never use) open for incoming connections to the target TCP port, assuming the server has the firewall (UFW) enabled, of course. The client (your machine) doesn't usually need to do anything special.

If you're having issues with a VirtualBox virtual machine, you might need to use a 'bridged' network connection; I do this a lot if I want to SSH into the VM from the host. To set this, refer to the networking settings of the VM.

Regarding the TeamViewer-like program, I have no idea, because I'm not familiar with it.
Hi Termy,
I had only opened Port 22 in the hope it might allow NoMachine to work even when UFW is enabled - unfortunately it didn't help. So I have now closed Port 22 again. Since I'm not using ssh (currently) on this machine I shouldn't need it.

I have been using a Bridged connection with VirtualBox. On the off chance it might help I've just tried with the standard NAT connection - but without success so I'm now back with a Bridged connection.

Re: UFW Firewall and NoMachine

Post by Coggy »

I assume that the stuff being blocked is all incoming.
I can see two things trying to happen that are being blocked:

Firstly, UDP packets from port 1900 to assorted high ports. The fact that this is all the same source port but multiple high destination ports suggests that these are responses to something that's making multiple outgoing attempts to connect to port 1900. I would think that if it were as simple as UDP requests to port 1900 going out that ufw would have automatically opened the return path, so this is probably something more complicated. It might indicate that you need to whitelist the IP address of the calling machine because you can't predict which incoming ports need opening. Or it might be nothing to do with the issue, can't tell as you choose to hide the addresses.

Secondly, I see incoming connections to TCP port 3389 which is Remote Desktop Protocol. You could try allowing that but just from the machine you know is trying to connect. I'm surprised that Nomachine is trying to use RDP (or is it?). RDP is not known to be very secure. Maybe that's just hackers from other internet addresses trying their luck. No way to tell.

That log was taken from your mother's PC, wasn't it?

Re: UFW Firewall and NoMachine

Post by Laugh2 »

Coggy wrote: Fri Apr 29, 2022 5:34 am I assume that the stuff being blocked is all incoming.
I can see two things trying to happen that are being blocked:

Firstly, UDP packets from port 1900 to assorted high ports. ...

Secondly, I see incoming connections to TCP port 3389 which is Remote Desktop Protocol. ...

That log was taken from your mother's PC, wasn't it?
Hi Coggy, Thanks for your thoughts and suggestions. (Sorry I'm a bit slow replying due to pandemic-related staff shortages and work.) Here is a log from today with SRC and DST:

Jul  3 10:54:36 VBox-R kernel: [ 1550.545872] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=13261 PROTO=UDP SPT=1900 DPT=33197 LEN=441 
Jul  3 10:54:40 VBox-R kernel: [ 1554.433509] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=14802 PROTO=UDP SPT=1900 DPT=54400 LEN=441 
Jul  3 10:54:42 VBox-R kernel: [ 1556.448956] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=15496 PROTO=UDP SPT=1900 DPT=38296 LEN=441 
Jul  3 10:54:44 VBox-R kernel: [ 1558.518850] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=16697 PROTO=UDP SPT=1900 DPT=53133 LEN=441 
Jul  3 10:54:46 VBox-R kernel: [ 1560.528031] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=18197 PROTO=UDP SPT=1900 DPT=51508 LEN=441 
Jul  3 10:54:48 VBox-R kernel: [ 1562.549139] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=18600 PROTO=UDP SPT=1900 DPT=58228 LEN=441 
Jul  3 10:58:42 VBox-R kernel: [ 1796.549969] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=27388 PROTO=UDP SPT=1900 DPT=38152 LEN=441 
Jul  3 10:58:47 VBox-R kernel: [ 1801.596058] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=32346 PROTO=UDP SPT=1900 DPT=40482 LEN=441 
Jul  3 10:58:49 VBox-R kernel: [ 1803.603013] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=33237 PROTO=UDP SPT=1900 DPT=35395 LEN=441 
Jul  3 10:59:14 VBox-R kernel: [ 1828.494328] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=53083 PROTO=UDP SPT=1900 DPT=49828 LEN=441 
Jul  3 10:59:16 VBox-R kernel: [ 1830.501608] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=54736 PROTO=UDP SPT=1900 DPT=47153 LEN=441 
Jul  3 10:59:18 VBox-R kernel: [ 1832.505640] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=55940 PROTO=UDP SPT=1900 DPT=40415 LEN=441 
Jul  3 11:03:50 VBox-R kernel: [ 2104.008056] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=13060 PROTO=UDP SPT=137 DPT=42192 LEN=70 
Jul  3 11:03:53 VBox-R kernel: [ 2107.018635] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=14430 PROTO=UDP SPT=137 DPT=38068 LEN=70 
Jul  3 11:08:21 VBox-R kernel: [ 2375.045720] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=44217 PROTO=UDP SPT=1900 DPT=42393 LEN=441 
Jul  3 11:17:23 VBox-R kernel: [ 2917.569268] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=43761 PROTO=UDP SPT=1900 DPT=36001 LEN=441 
Jul  3 11:19:07 VBox-R kernel: [ 3021.775931] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=97.74.81.123 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28107 PROTO=TCP SPT=40206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:19:16 VBox-R kernel: [ 3030.195113] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=37.9.13.178 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=23407 PROTO=TCP SPT=38237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:20:35 VBox-R kernel: [ 3109.770193] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=30088 PROTO=UDP SPT=1900 DPT=52726 LEN=441 
Jul  3 11:20:39 VBox-R kernel: [ 3113.551607] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=31813 PROTO=UDP SPT=1900 DPT=60780 LEN=441 
Jul  3 11:20:41 VBox-R kernel: [ 3115.557974] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=32576 PROTO=UDP SPT=1900 DPT=54837 LEN=441 
Jul  3 11:27:49 VBox-R kernel: [ 3542.966499] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=10609 PROTO=UDP SPT=1900 DPT=53542 LEN=441 
Jul  3 11:27:52 VBox-R kernel: [ 3546.857563] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=11349 PROTO=UDP SPT=1900 DPT=48173 LEN=441 
Jul  3 11:27:54 VBox-R kernel: [ 3548.863953] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=13013 PROTO=UDP SPT=1900 DPT=46127 LEN=441 
Jul  3 11:28:47 VBox-R kernel: [    6.194977] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=53273 PROTO=UDP SPT=1900 DPT=36478 LEN=441 
Jul  3 11:28:49 VBox-R kernel: [    8.203751] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=55010 PROTO=UDP SPT=1900 DPT=49519 LEN=441 
Jul  3 11:29:32 VBox-R kernel: [    7.623815] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=11251 PROTO=UDP SPT=1900 DPT=60455 LEN=441 
Jul  3 11:29:34 VBox-R kernel: [    9.439500] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=104.16.160.101 DST=192.168.1.70 LEN=1228 TOS=0x00 PREC=0x00 TTL=59 ID=4536 DF PROTO=UDP SPT=443 DPT=53612 LEN=1208 
Jul  3 11:29:34 VBox-R kernel: [    9.439595] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=104.16.160.101 DST=192.168.1.70 LEN=1228 TOS=0x00 PREC=0x00 TTL=59 ID=4537 DF PROTO=UDP SPT=443 DPT=53612 LEN=1208 
Jul  3 11:29:34 VBox-R kernel: [    9.645783] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=13145 PROTO=UDP SPT=1900 DPT=51220 LEN=441 
Jul  3 11:33:24 VBox-R kernel: [  240.836286] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=198.235.24.14 DST=192.168.1.70 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=62362 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Jul  3 11:34:45 VBox-R kernel: [  321.776056] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=24020 PROTO=UDP SPT=1900 DPT=54547 LEN=441 
Jul  3 11:34:49 VBox-R kernel: [  325.620748] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=24415 PROTO=UDP SPT=1900 DPT=36431 LEN=441 
Jul  3 11:34:51 VBox-R kernel: [  327.628151] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=25745 PROTO=UDP SPT=1900 DPT=44505 LEN=441 
Jul  3 11:42:30 VBox-R kernel: [  786.656219] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=53304 PROTO=UDP SPT=1900 DPT=34378 LEN=441 
Jul  3 11:42:34 VBox-R kernel: [  790.429013] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=56873 PROTO=UDP SPT=1900 DPT=42933 LEN=441 
Jul  3 11:42:36 VBox-R kernel: [  792.440406] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=57913 PROTO=UDP SPT=1900 DPT=59845 LEN=441 
Jul  3 11:42:53 VBox-R kernel: [  810.069515] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=103.207.38.164 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32005 PROTO=TCP SPT=51276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:45:45 VBox-R kernel: [  981.653160] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=30321 PROTO=UDP SPT=137 DPT=53230 LEN=70 
Jul  3 11:45:48 VBox-R kernel: [  984.689058] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=30645 PROTO=UDP SPT=137 DPT=40968 LEN=70 
Jul  3 11:48:27 VBox-R kernel: [ 1144.085892] [UFW BLOCK] IN=enp0s3 OUT= MAC=YYYY SRC=192.168.1.200 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=18958 PROTO=2 
Jul  3 11:48:27 VBox-R kernel: [ 1144.086674] [UFW BLOCK] IN=enp0s3 OUT= MAC=YYYY SRC=192.168.1.200 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=60845 PROTO=2 
Jul  3 11:50:20 VBox-R kernel: [    7.852496] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=10607 PROTO=UDP SPT=1900 DPT=50995 LEN=441 
Jul  3 11:50:22 VBox-R kernel: [    9.861701] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=11151 PROTO=UDP SPT=1900 DPT=57040 LEN=441 
Jul  3 11:59:22 VBox-R kernel: [  550.269315] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=11013 PROTO=UDP SPT=1900 DPT=49053 LEN=441 
Jul  3 12:08:22 VBox-R kernel: [ 1090.768099] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=36962 PROTO=UDP SPT=1900 DPT=59325 LEN=441 
Jul  3 12:16:30 VBox-R kernel: [    8.642612] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=36363 PROTO=UDP SPT=1900 DPT=35357 LEN=441 
Jul  3 12:16:32 VBox-R kernel: [   10.700152] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=36486 PROTO=UDP SPT=1900 DPT=59995 LEN=441 
Jul  3 12:17:01 VBox-R kernel: [   39.347428] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=72.167.39.40 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=52646 PROTO=TCP SPT=58839 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
1. The UDP packets to port 1900 are all from 192.168.1.254, which is my router. My guess is that the calls to port 1900 are the router using the Simple Service Discovery Protocol for UPnP e.g. refer https://en.wikipedia.org/wiki/Simple_Se ... y_Protocol. (192.168.1.70 is the Nomachine server, which is a Virtualbox running LM191 as guest.)

Here is the same log but with all lines containing SPT=1900 filtered out, i.e. removed. Does this help identify an issue regarding access to NoMachine through ufw somehow?

Jul  3 11:03:50 VBox-R kernel: [ 2104.008056] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=13060 PROTO=UDP SPT=137 DPT=42192 LEN=70 
Jul  3 11:03:53 VBox-R kernel: [ 2107.018635] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=14430 PROTO=UDP SPT=137 DPT=38068 LEN=70 
Jul  3 11:19:07 VBox-R kernel: [ 3021.775931] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=97.74.81.123 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28107 PROTO=TCP SPT=40206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:19:16 VBox-R kernel: [ 3030.195113] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=37.9.13.178 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=23407 PROTO=TCP SPT=38237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:29:34 VBox-R kernel: [    9.439500] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=104.16.160.101 DST=192.168.1.70 LEN=1228 TOS=0x00 PREC=0x00 TTL=59 ID=4536 DF PROTO=UDP SPT=443 DPT=53612 LEN=1208 
Jul  3 11:29:34 VBox-R kernel: [    9.439595] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=104.16.160.101 DST=192.168.1.70 LEN=1228 TOS=0x00 PREC=0x00 TTL=59 ID=4537 DF PROTO=UDP SPT=443 DPT=53612 LEN=1208 
Jul  3 11:33:24 VBox-R kernel: [  240.836286] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=198.235.24.14 DST=192.168.1.70 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=62362 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Jul  3 11:42:53 VBox-R kernel: [  810.069515] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=103.207.38.164 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32005 PROTO=TCP SPT=51276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:45:45 VBox-R kernel: [  981.653160] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=30321 PROTO=UDP SPT=137 DPT=53230 LEN=70 
Jul  3 11:45:48 VBox-R kernel: [  984.689058] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=30645 PROTO=UDP SPT=137 DPT=40968 LEN=70 
Jul  3 11:48:27 VBox-R kernel: [ 1144.085892] [UFW BLOCK] IN=enp0s3 OUT= MAC=YYYY SRC=192.168.1.200 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=18958 PROTO=2 
Jul  3 11:48:27 VBox-R kernel: [ 1144.086674] [UFW BLOCK] IN=enp0s3 OUT= MAC=YYYY SRC=192.168.1.200 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=60845 PROTO=2 
Jul  3 12:17:01 VBox-R kernel: [   39.347428] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=72.167.39.40 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=52646 PROTO=TCP SPT=58839 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
(PS. I tried whitelisting the client machine trying to access the Nomachine Server but this didn't help.)

2. I had thought that those TCP connections to port 3389 were a red herring because I had been using the same virtual machine to trial access using RDP (which I was able to get working). However, attempts to port 3389 are still occurring as shown in the log but filtered to remove lines containing DPT=3389, as seen next. Although the MAC address is the same, interestingly the SRC (=Source IP addresses?) are not even local (with 1 exception). Is it possible that these are from a DDNS service, which I have also been looking at?

Jul  3 11:19:07 VBox-R kernel: [ 3021.775931] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=97.74.81.123 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28107 PROTO=TCP SPT=40206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:19:16 VBox-R kernel: [ 3030.195113] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=37.9.13.178 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x20 TTL=240 ID=23407 PROTO=TCP SPT=38237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 11:33:24 VBox-R kernel: [  240.836286] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=198.235.24.14 DST=192.168.1.70 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=62362 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 
Jul  3 11:42:53 VBox-R kernel: [  810.069515] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=103.207.38.164 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32005 PROTO=TCP SPT=51276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
Jul  3 12:17:01 VBox-R kernel: [   39.347428] [UFW BLOCK] IN=enp0s3 OUT= MAC=XXXX SRC=72.167.39.40 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=52646 PROTO=TCP SPT=58839 DPT=3389 WINDOW=10

Re: UFW Firewall and NoMachine

Post by Coggy »

The port 1900 drops are from the router port 1900 to assorted ports on 192.168.1.70. I think these are responses to SSDP queries from 192.168.1.70. It keeps on asking and getting nothing back. Whether this is your problem, I don't know. If I'm right, the firewall should be seeing the queries and opening the reply using an iptables rule RELATED,ESTABLISHED. I have no idea whether ufw normally does that - I don't use ufw - I just use iptables. ufw is designed to hide the details.

The incoming connection attempts to port 3389 are being blocked. I can't tell if this is just an old RDP client out there somewhere, still trying to get in, or whether NX is expecting 3389 incoming (the docs don't mention using 3389).

Try enabling those ports and see when it starts working. Or better still, use tcpdump to trace all the traffic, and see what happens when the firewall is disabled sudo tcpdump host 192.168.1.70.
Alternatively, use sudo iptables-save to output the actual firewall rules that are in effect, although I warn you that ufw likes to write really convoluted rules.
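The triage that Coggy describes above (sorting the [UFW BLOCK] lines from Laugh2's log into SSDP replies from the router, LAN chatter, and Internet probes against port 3389, then checking whether anything blocked actually touches the NoMachine ports) can be done mechanically. The script below is an added example, not code from the thread or from NoMachine; it assumes the thread's LAN (192.168.1.0/24, router 192.168.1.254, VM 192.168.1.70), the ufw allow list from the first post, and a constructed sample log whose public addresses are documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# NoMachine's default listening ports, as opened in the thread's ufw rules.
NX_TCP_PORTS = {4000, 4080, 4443}
NX_UDP_RANGE = range(4011, 5000)
# The LAN of the thread (router 192.168.1.254, NoMachine VM 192.168.1.70).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample in the ufw.log format shown in the thread. The public
# sources use documentation ranges (TEST-NET), MAC fields are placeholders, and
# the SYN to port 4000 is invented so that the NoMachine-port check has a hit.
SAMPLE_LOG = """\
Jul  3 10:54:36 VBox-R kernel: [ 1550.545872] [UFW BLOCK] IN=enp0s3 OUT= MAC=XX SRC=192.168.1.254 DST=192.168.1.70 LEN=461 TOS=0x00 PREC=0x00 TTL=64 ID=13261 PROTO=UDP SPT=1900 DPT=33197 LEN=441
Jul  3 11:03:50 VBox-R kernel: [ 2104.008056] [UFW BLOCK] IN=enp0s3 OUT= MAC=XX SRC=192.168.1.254 DST=192.168.1.70 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=13060 PROTO=UDP SPT=137 DPT=42192 LEN=70
Jul  3 11:19:07 VBox-R kernel: [ 3021.775931] [UFW BLOCK] IN=enp0s3 OUT= MAC=XX SRC=203.0.113.7 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28107 PROTO=TCP SPT=40206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Jul  3 11:48:27 VBox-R kernel: [ 1144.085892] [UFW BLOCK] IN=enp0s3 OUT= MAC=YY SRC=192.168.1.200 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=18958 PROTO=2
Jul  3 11:50:01 VBox-R kernel: [ 1200.000000] [UFW BLOCK] IN=enp0s3 OUT= MAC=XX SRC=198.51.100.9 DST=192.168.1.70 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=51000 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
Jul  3 11:51:00 VBox-R kernel: [ 1260.000000] e1000: enp0s3 NIC Link is Up
"""

LINE_RE = re.compile(r"\[UFW (?P<action>[A-Z]+)\]\s*(?P<fields>.*)$")


def parse_ufw_line(line):
    """Parse one ufw kernel log line into a dict of its KEY=value fields.

    Bare tokens (SYN, ACK, DF, ...) are collected in rec["flags"]. Duplicate
    keys keep their first value, so LEN is the IP total length rather than the
    UDP payload length that follows it. Returns None for lines that are not ufw.
    """
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"action": m.group("action"), "flags": set()}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec.setdefault(key, value)
        else:
            rec["flags"].add(tok)
    return rec


def classify(rec, lan=LAN):
    """Label a blocked packet by what it most likely is, from a defender's view."""
    src = ipaddress.ip_address(rec["SRC"])
    dst = ipaddress.ip_address(rec["DST"])
    proto = rec.get("PROTO")
    spt = int(rec.get("SPT", 0))
    dpt = int(rec.get("DPT", 0))
    if dst.is_multicast and proto == "2":
        return "igmp-multicast"          # IGMP membership traffic, normal LAN noise
    if proto == "UDP" and spt == 1900 and src in lan:
        # SSDP answer from the router. The M-SEARCH went out to multicast
        # 239.255.255.250:1900, but the reply comes back unicast from the router's
        # own address, so conntrack never matches it as ESTABLISHED and ufw drops it.
        return "ssdp-reply-from-lan"
    if proto == "UDP" and spt == 137 and src in lan:
        return "netbios-ns-from-lan"     # NetBIOS name-service reply from the LAN
    if (proto == "TCP" and dpt in NX_TCP_PORTS) or (proto == "UDP" and dpt in NX_UDP_RANGE):
        return "nomachine-port-blocked"  # contradicts the allow rules: worth investigating
    if proto == "TCP" and dpt == 3389 and "SYN" in rec["flags"] and src not in lan:
        return "external-rdp-probe"      # Internet scanners trying RDP; expected to be dropped
    return "other"


def triage(log_text, lan=LAN):
    """Count BLOCK entries per category and return the ones that hit NoMachine ports."""
    counts = Counter()
    nx_hits = []
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if rec is None or rec["action"] != "BLOCK":
            continue
        category = classify(rec, lan)
        counts[category] += 1
        if category == "nomachine-port-blocked":
            nx_hits.append(rec)
    return counts, nx_hits


if __name__ == "__main__":
    counts, hits = triage(SAMPLE_LOG)
    for category, n in counts.most_common():
        print(f"{n:4d}  {category}")
    for rec in hits:
        print("NoMachine port blocked:", rec["SRC"], "->", rec["DST"], rec["PROTO"], rec["DPT"])
```

Run against the real log with `sudo python3 triage.py < /var/log/ufw.log` after swapping SAMPLE_LOG for `sys.stdin.read()`; on the thread's log it would report only SSDP, NetBIOS, IGMP and RDP-probe categories and no NoMachine-port hits, which fits Laugh2's later finding that connections still worked while UFW was on.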

Re: UFW Firewall and NoMachine

Post by Laugh2 »

Coggy wrote: Sun Jul 03, 2022 5:04 am The port 1900 drops are from the router port 1900 to assorted ports on 192.168.1.70. I think these are responses to SSDP queries from 192.168.1.70. It keeps on asking and getting nothing back. Whether this is your problem,...
Thank you, Coggy. For reasons I describe below, I didn't continue this troubleshoot. Interestingly, I did discover that although NoMachine did not list that access was possible once UFW was enabled, this access was surprisingly still possible and access via the External IP address continued to be a possibility. So the problem appears to be that NoMachine's list is incomplete once UFW is enabled.

In the end, however, I bypassed UFW using a VPN-like app, in this case I used ZeroTier. The advantages of using a VPN-like solution was that I managed to traverse not only firewall issues e.g. those with UFW described above, but also solved issues with external access via WAN. My mother's machine(s) sit behind CG-NAT i.e. Carrier-Grade NAT, and I found that NoMachine alone was unable to let me access remotely. The combination of NoMachine with ZeroTier was successful. :-) (So I've marked this as "solved" for this reason.)

Re: [Solved] UFW Firewall and NoMachine

Post by Coggy »

Thanks for the update. One often never finds out whether a problem one tried to help with got solved, or how.

Re: [Solved] UFW Firewall and NoMachine

Post by davidyanglee »

Hi Coggy and Laugh2, I am encountering a similar situation and interestingly if I tether my client to a phone 5G hotspot with an IPv6 address (instead of an IPv4 address), then I can log in without problem. So somehow IPv6 is not blocked while IPv4 is. I will continue to look into this. But if you have any other idea I would love to hear it. David.

Re: [Solved] UFW Firewall and NoMachine

Post by deepakdeshp »

David,
Please create a separate thread for your problem with inxi report of your system.