Restrict NoMachine to listen on a particular interface

    #14797
    mkrisk
    Participant

    Hello,

    I am trying to find out how to restrict NoMachine to listen only on a particular interface. For the “nxd.bin” there is a workaround described here https://www.nomachine.com/forums/topic/listen-to-only-localhost and it works fine. However, “nxnode.bin” is still listening on all IP addresses. Is there some way to restrict “nxnode.bin” as well?

    Thanks

    #14807
    hyporious
    Blocked

    Hi, I also ran into the same issue. Please fix this! Cheers, Hypo

    #14814
    reza
    Participant

    Right now it’s not possible to restrict listening in nxnode.bin to a particular interface. However, it’s possible to disable TCP and use UNIX sockets, which are local by definition. It can be done by setting DisplayServerExtraOptions “-nolisten tcp” in node.cfg. We will consider providing a config file key for better control and selecting particular interfaces.

    #14853
    mkrisk
    Participant

    Thanks for the hint! This option indeed works for us. However, if UDP is enabled then “nxnode.bin” is bound to e.g. “0.0.0.0:4500” (if port 4500 is used for UDP). Is there some way to restrict this as well?

    #14877
    reza
    Participant

    Please set ProxyExtraOptions “rtlocalhost=127.0.0.1” in node.cfg.

    #14933
    mkrisk
    Participant

    Could you please explain what the effect of “rtlocalhost=127.0.0.1” should be?

    As far as I can tell, nxnode.bin is not listening on a pre-defined UDP port then (like e.g. “0.0.0.0:4500”). But this also means that the UDP connection can only be opened from the server side to the client side. So in case that is not possible (e.g., due to firewall rules), then the UDP connection in the other direction (from the client to the server) will not work. Is my understanding correct?

    #14998
    reza
    Participant

    We have verified it, and setting rtlocalhost to the local interface as we previously suggested doesn’t have any effect.

    You can set it to the IP of your real interface.

    Binding to the interface specified in the option works only if the server cannot establish a UDP connection to the client first.
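
To confirm whether the node.cfg settings discussed in this thread actually changed what the NoMachine processes bind to, the following added example (not code from the forum participants or from NoMachine) filters `ss -H -tulnp` output for “nxd.bin” and “nxnode.bin” sockets bound to a wildcard address. The sample lines, PIDs, the address 192.0.2.10 and the TCP ports are constructed for illustration; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report NoMachine sockets that listen on all interfaces.
# Input on stdin: lines in the format printed by `ss -H -tulnp` (Linux iproute2).
# Output: "<process> <proto> <local address:port>" for each wildcard-bound socket.
nx_wildcard_listeners() {
    awk '
    {
        local_addr = $5
        sub(/:[^:]*$/, "", local_addr)   # strip the trailing ":port"
        # Wildcard binds appear as 0.0.0.0 (IPv4), [::] (IPv6) or * (dual stack).
        if (local_addr != "0.0.0.0" && local_addr != "[::]" && local_addr != "*")
            next
        # First process name inside users:(("name",pid=...,fd=...))
        if (!match($0, /users:\(\("[^"]+"/))
            next
        name = substr($0, RSTART + 9, RLENGTH - 10)
        if (name == "nxnode.bin" || name == "nxd.bin")
            print name, $1, $5
    }'
}

# Constructed sample: nxd.bin restricted to localhost, nxnode.bin still
# bound to 0.0.0.0:4500 for UDP as described in the thread, one nxnode.bin
# socket bound to a specific interface address, and an unrelated service.
sample_ss_output() {
    cat <<'EOF'
tcp LISTEN 0 128 127.0.0.1:4000 0.0.0.0:* users:(("nxd.bin",pid=1900,fd=5))
udp UNCONN 0 0 0.0.0.0:4500 0.0.0.0:* users:(("nxnode.bin",pid=2211,fd=12))
tcp LISTEN 0 128 [::]:7001 [::]:* users:(("nxnode.bin",pid=2211,fd=9))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=800,fd=3))
udp UNCONN 0 0 192.0.2.10:4500 0.0.0.0:* users:(("nxnode.bin",pid=2300,fd=12))
EOF
}

# On a live host, run as root so process names are visible:
#   ss -H -tulnp | nx_wildcard_listeners
sample_ss_output | nx_wildcard_listeners
```

An empty result after restarting the NoMachine services means neither process is bound to a wildcard address; any line printed is a socket still reachable on every interface.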

This topic was marked as solved, you can't post.