Can not remote desktop to kvm window 2003 guest from remote location...

Asked by abadger on 2014-09-22

I have serveral windows 2003 KVM guests running on a Ubuntu 14.04 server. All work fine except for one guest. This machine will not allow remote desktop connections.

telnet 3389
telnet: Unable to connect to remote host: Connection refused

I know it's not a windows issue, if you login to kvm host machine, then you can rdesktop directly to the local IP address of the windows client, e.g

 One of the guests will allow rdesktop when you login to the server...e.g

ssh dave@linux-host -X

Above rdesktop works fine.

But I can not use ufw to forward packets to this server using...

iptables -t nat -A PREROUTING -p tcp -d --dport 3389 -j DNAT --to-destination
iptables -t nat -A PREROUTING -p tcp -d 80 -j DNAT --to-destination
iptables -t nat -A PREROUTING -p tcp -d --dport 443 -j DNAT --to-destination

I know ufw is working fine...if I change the ip address being forwarded to to one of the other windows clients then rdesktop to will work fine.

So windows machine setup is fine.
ufw packet forwarding is fine.
Something about kvm networking is causing an issue....

Unsure how to debug this further ?

On a separate note...what does the following error mean....
Also thought I'ld try port forwarding from within virsh.....get the following error about use mode network stack not in use ?

root@big3 /home/dave # virsh qemu-monitor-command --hmp vrbs2 'hostfwd_add ::13389-:3389'
user mode network stack not in use

Any debug help gratefully received.

Thanks Dave

Question information

English Edit question
Ubuntu libvirt Edit question
No assignee Edit question
Solved by:
Last query:
Last reply:
abadger (dave-netfm) said : #1

Found issue...had to delete rules added in by libvirt to ufw...

dave@big3:~$ sudo iptables -nL -v --line-numbers -t filter | more

38 695K 275M ACCEPT all -- virbr0 *
39 28377 2607K ACCEPT all -- virbr0 virbr0
40 75 3744 REJECT all -- * virbr0 reject-with icmp-port-u
41 0 0 REJECT all -- virbr0 * reject-with icmp-port-u
42 3778 219K ufw-before-logging-forward all -- * *

Remove rules 40 and 41

sudo iptables -D FORWARD 41 -t filter
sudo iptables -D FORWARD 40 -t filter