How to bind vdrp service to 127.0.0.1?
Since I use SSH port forwarding to secure the remote connection of vdrp and do authentication, I want the remote desktop server to run on 127.0.0.1 instead of 0.0.0.0 by default. Is there any configuration file related to this parameter?
Re: How to bind vdrp service to 127.0.0.1?
"127.0.0.1" means local host, i.e. local loopback. It can't be used to indicate remote anything.
Re: How to bind vdrp service to 127.0.0.1?
mpack wrote: "127.0.0.1" means local host, i.e. local loopback. It can't be used to indicate remote anything.
If the service runs on the loopback NIC of the host, then I can wrap the data in an SSH tunnel to traverse the firewall. I do this for the VNC server (using vncserver -localhost) and secure the VNC session through SSH port forwarding. In fact, I doubt the security of the RD protocol, so I hope it runs on loopback, which would ease my anxiety about privacy.
Re: How to bind vdrp service to 127.0.0.1?
A local loopback used inside the guest would cause the guest to address itself - exactly the same as any PC.
If the guest needs to address another PC, e.g. the host PC, then it needs to use the proper IP address.
Re: How to bind vdrp service to 127.0.0.1?
Sorry, I cannot understand your point. I know that my remote display service is running on port 3389 of a Linux host machine (say 200.1.1.2). I use another Windows machine (say 199.2.2.2) and visit 200.1.1.2:3389, then I can log in to the guest machine. This works because the Linux host is listening on 0.0.0.0:3389.
However, anyone (say 201.2.2.2) can also log in to my guest machine, which is dangerous. I hope the remote display service can listen only on 127.0.0.1:3389. Then I can log in to the guest machine by visiting 127.0.0.1:3389 on the host machine, or visit 127.0.0.1:3389 via SSH remotely.
Now I must use iptables to block the specific port from the WAN.
Re: How to bind vdrp service to 127.0.0.1?
I cannot understand your point either, but that is fine because it does not matter. What does matter is that it has nothing whatever to do with VirtualBox. If you have some odd way of fooling the network protocols that is fine, but it would make no difference whatever if the machines were all physical, all virtual or a mixture of both. It is purely a networking matter.
Bill
Re: How to bind vdrp service to 127.0.0.1?
Here are the programs listening on all network interfaces:
Code: Select all
xxx@XXX:/tmp# netstat -nplt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1238/sshd
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 20178/VirtualBox
To the best of my knowledge, VirtualBox will listen on all network interfaces by default. Since I do not want to expose any port other than 22 to the external network, can you or anybody else change it to the loopback interface?
Code: Select all
Fake # netstat -nplt
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1238/sshd
tcp 0 0 127.0.0.1:3389 0.0.0.0:* LISTEN 20178/VirtualBox
Last edited by socratis on 11. Jan 2018, 02:06, edited 1 time in total.
Reason: Enclosed the information in [code] tag for better readability
Re: How to bind vdrp service to 127.0.0.1?
Sorry, I don't have URI post permissions yet, but if you go to the manual on the VirtualBox website, in ch08 under vboxmanage-modifyvm-vrde:
You can use the --vrdeport and --vrdeaddress options to specify the binding information for the VRDE RDP/VNC server to listen on. So for your use case:
Code: Select all
$ VBoxManage modifyvm $VM --vrde on --vrdeaddress 127.0.0.1 --vrdeport 3389
$ VBoxManage startvm $VM --type headless
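A check for the state this thread is after, as an added example that is not part of any post: it reads `netstat -nplt` output and lists TCP listeners bound to a non-loopback address on a port outside an allow-list. The function names and the allow-list argument are assumptions of this example; the sample input is the two listings posted in the thread.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from other machines.
# Reads `netstat -nplt` output on stdin; $1 is a space-separated allow-list of
# ports that may listen on non-loopback addresses (an assumption of this example).
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            laddr = $4
            port = laddr; sub(/.*:/, "", port)   # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (port in ok) next                          # explicitly allowed
            print laddr, $7                               # exposed listener
        }'
}

# Sample input: the first listing posted in the thread (current state).
sample_before() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1238/sshd
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 20178/VirtualBox
EOF
}

# Sample input: the second ("Fake") listing from the thread (desired state).
sample_after() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1238/sshd
tcp 0 0 127.0.0.1:3389 0.0.0.0:* LISTEN 20178/VirtualBox
EOF
}

echo "before:"; sample_before | exposed_listeners "22"
echo "after:";  sample_after  | exposed_listeners "22"
```

On a live host, pipe the real output in instead: `netstat -nplt | exposed_listeners "22"` prints nothing once the VRDE listener is bound to 127.0.0.1.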