Simultaneous use of a host / how avoid nat/firewall config

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Simultaneous use of a host / how avoid nat/firewall config

fabianus
Hello everybody,

I am a newbie to guacamole and I am so excited about it!

Now I have two questions coming from my use of TeamViewer:

1) When connecting with rdp to a windows host the session that is running is
blocked thus if someone is using the host while I am reaching it with rdp
the person is disconnected. I am looking for a solution in order to access
the screen of the running session without blocking the access for the user
that is already working there. Is there any software that could be installed
on the host in order to achieve this?

2) One of the great advantages of TeamViewer is that there are no troubles
with firewall/nat configuration. Is there anything that could be installed
on a host so that there is no need to make modifications to the nat/firewall
– like it is the case with TeamViewer?

Thanks a lot for any feedback!

Best regards,
Fabianus




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Simultaneous use of a host / how avoid nat/firewall config

vnick
1) When connecting with rdp to a windows host the session that is running is
blocked thus if someone is using the host while I am reaching it with rdp
the person is disconnected. I am looking for a solution in order to access
the screen of the running session without blocking the access for the user
that is already working there. Is there any software that could be installed
on the host in order to achieve this?

If you're using the JDBC module to manage your connections, Guacamole supports setting up shared sessions, both R/O (View-only) and R/W (View + Interact) such that someone can start a session and then share the session and provide a URL to someone else who can connect to that session.  Today there is no way to transparently connect to a shared session - there are a couple of JIRA issues opened for that functionality, but it's still on the roadmap and not implemented.
 

2) One of the great advantages of TeamViewer is that there are no troubles
with firewall/nat configuration. Is there anything that could be installed
on a host so that there is no need to make modifications to the nat/firewall
– like it is the case with TeamViewer?


This depends on where the firewall/NAT configuration is and how you're trying to connect.  One of the big advantages to using Guacamole is that everything between the client browser and the web server is done over standard HTTP/HTTPS(/WS/WSS) connections, which means it can use standard ports.  One of the more common configurations is to proxy Tomcat behind Nginx or Apache httpd so that you can run Guacamole over HTTPS on port 443.  If you do this, you only have a single firewall port/rule to enable.

Traffic between Guacamole Client (tomcat) and Guacamole Server (guacd) happens on its own port (4822 by default), so any firewalls between the Guacamole Client instance and Guacamole Server will need to allow that traffic.  Traffic between Guacamole Server and the remote desktop systems (RDP, VNC, etc.) happens on the standard ports for those protocols, so any firewalls there would need to be configured accordingly.

If you're asking if there's a way to do a reverse connection with Guacamole the way Teamviewer does it, so that you don't have to have any external ports/IPs open, the answer is no, it does not work that way.  There are ways to accomplish that (e.g. a reverse SSH tunnel), but not built into Guacamole.

Hope this helps.

-Nick