[Thinlinc-technical] Bind HTML5 Webaccess to specific IP

Jakob-Matthias Böttger jakob at j-mb.de
Thu Aug 14 11:22:53 CEST 2014


Hi the only way which would enable that, is by using the DNAT function
of iptables to redirect the incoming 443 port at the interfaces which
should not serve thinlinc to  apache at e.g. 442 tcp.

1. bind apache or nginx or whatever to 442 tcp

2. configure vhost to listen at 442

3. iptables -I PREROUTING -i $inputdev --dst $devip -p tcp --dport 443
-j DNAT --to-destination $devip:442

Best Regards Jakob

Am 12.08.2014 um 10:40 schrieb Henrik Andersson:
> Hi,
> 
>> The Server with the vmsagent and master running at has got three IP.
>> Now I'm trying to bind the html5 webclient to a specific IP. But as i
>> read in the docs it's just possible to change the port the client is
>> listening at. I also tried to redirect the traffic at 443 tcp via
>> iptables to 300. But then the html5 client is redirecting to the
>> vsmagent ip:300 thus i configured a login_page = vmsagent:443.
>>
> 
> All services of ThinLinc listens on all interfaces and we have left it
> to the administrator to use local firewall to lock down access for
> different services on different interfaces.
> 
> I believe you have misinterpreted the use of /webaccess/login_page. It
> is used in a ThinLinc cluster eg. more than one agents to get the
> browser client back to the login page on the master server in the
> cluster when needed. This is a bit fuzzy but if you think about
> general ThinLinc login which first connects to the master and
> authenticates the user and redirects the user to a session on an agent,
> it becomes a bit clearer.
> 
> I don't think you can accomplish what you want on a single ThinLinc
> server setup. The only way is to change /webaccess/listen_port to 443
> and add a rule to open that port for the specific interface you want to
> use. Which only could be realized if you don't have any other service
> bound to port 443 on your ThinLinc server.
> 
> 
> Kind Regards,
> 
> Henrik Andersson (Cendio AB)
> 
>  
> _______________________________________________
> Thinlinc-technical mailing list
> Thinlinc-technical at lists.cendio.se
> Manage your subscription:
> http://lists.cendio.se/mailman/listinfo/thinlinc-technical
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20140814/2b1e2ee6/attachment.bin>


More information about the Thinlinc-technical mailing list