Cannot access Graphical Console when behind a hardware firewall

6 posts / 0 new
Topic locked
Last post
#1 Thu, 11/01/2018 - 12:05
pixel_paul
pixel_paul's picture

Cannot access Graphical Console when behind a hardware firewall

Hi,

I have a Cloudmin master server running behind a dedicated PFSense firewall. I'm using 1:1 NAT to access the master and the KVM guests and everything is working perfectly well.....except accessing the Graphical Consoles.

I can see the KVM guests have VNC started through the boot messages: QEMU waiting for connection on: tcp:127.0.0.1:40000,server

However when accessing through Cloudmin I get the following error:

VNC has been configured on this system by Cloudmin, but the VNC server on port 5901 on host system MY_SERVER is not accessible. If it was just enabled, the system will need to be rebooted before VNC is available.

Are there any additional changes that I need to make to either the firewall or to Cloudmin in order to get this to work?

Thanks in advance for any pointers.

Paul

Tue, 11/13/2018 - 12:42
pixel_paul
pixel_paul's picture

Anyone ran into this problem before?

Wed, 11/14/2018 - 08:29
scotwnw

Are you connecting from outside the pfsense firewall? Have you allowed the correct ports through for vnc, Starting with 5901, 5902, 5903. One for each vm?

When trying to connect to the virtual machine, you dont connect to the vm IP but you connect to the main host ip:5901, etc.

Wed, 11/14/2018 - 10:11
pixel_paul
pixel_paul's picture

Yes, I can connect using a VNC client. My issue is connecting through the main Cloudmin interface (called the Graphical Console).

Wed, 12/12/2018 - 12:58
Steffan
Steffan's picture

I am having the same issues. I have CSF installed on my hosts. The only way I can get from my CM master to another host is if I turn off CSF on both. I have 5900:5920 open in both TCP/UDP in and out. I used CSF's option to check for listening ports and i have all those open. I looked to see if maybe embedded in the process for each if there was a port listed and no clues. That 40000 is the first I've seen. I'll try that and see if it makes a difference.

Wed, 12/26/2018 - 11:18
honesta

As far as I understand Cloudmin is concerned with the ssh port, (and, or) the https 10000-10010 range - then DNS, LDAP and a few others if you run services.

I run phpvirtualbox on all five of my intranet server (hardware) boxes. Cloudmin and Virtualmin are all running on top of Virtualbox slices managed by phpvirtualbox. Only one out of the five has a GUI / the other four are headless - and that is defined by its own php config and the port maybe changed. My Cloudmin is isolated from all this.

If your Cloudmin is actually affecting your setup you might want to bypass it some way similar to this...

Topic locked