Let us take a closer look at how to add RDP to the Debian firewall within a few simple steps put forward by Server management support services at Bobcares.

 Install RDP Server (Remote Desktop) on Debian

Xrdp is an open-source Microsoft Remote Desktop Protocol (RDP) implementation that allows us to operate a remote system graphically.

We can use RDP to log in to the remote machine and build a true desktop session just like we would on a local machine.

Installing Desktop Environment

Debian repository contains a number of desktop environments (DE). In this scenario, we’ll install Xfce. It is a lightweight, quick, and robust desktop environment that is excellent for use on a remote server.

We can choose another desktop environment, such as Gnome, and install it instead of Xfce to add RDP to Debian’s firewall.

To install Xfce on the server, run the following instructions as root or a user with Sudo privileges:

sudo apt updatesudo apt install xfce4 xfce4-goodies xorg dbus-x11 x11-xserver-utils

Downloading and installing Xfce packages will take some time depending on the machine and connection.

Installing Xrdp

The Xrdp package can be found in the regular Debian repository. To install it, execute:

sudo apt install xrdp

Once the installation is complete, the service will begin immediately. We can confirm that the Xrdp service is operational by typing:

sudo systemctl status xrdp

The end result will look like this:

xrdp.service - xrdp daemon Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-04-01 21:19:11 UTC; 4s ago ...

By default, Xrdp uses the /etc/ssl/private/ssl-cert-snakeoil.key file, which is only accessible to users in the “ssl-cert” group. To add the Xrdp user to the group, run the following command:

sudo adduser xrdp ssl-cert

That’s all, now the initial step to add RDP to the Debian firewall is complete.

Configuring Xrdp

The configuration files for Xrdp are kept in the /etc/xrdp directory. We don’t need to make any changes to the configuration files for basic Xrdp connections. In this situation, Xrdp will use the default X Window desktop, XFCE.

xrdp.ini is the main configuration file. This file is separated into sections and allows us to configure global configuration options such as security and listening addresses, as well as create multiple Xrdp login sessions.

We must restart the Xrdp service whenever we make changes to the configuration file:

sudo systemctl restart xrdp

The startwm.sh file is used by Xrdp to launch the X session. Edit this file to utilize another X Window desktop.

Configuring Firewall

By default, Xrdp listens on port 3389 on all interfaces. If we use a firewall on the Debian server, which we should always do, we will need to write a rule that allows traffic on the Xrdp port. This is the next major step to add RDP to Debian firewall.

Assuming we’re using ufw to operate the firewall, issue the following command to allow access to the Xrdp server from a certain IP address or IP range, in this case, 192.168.1.0/24:

sudo ufw allow from 192.168.1.0/24 to any port 3389

If we wish to allow access from everywhere (which we strongly advise against for security reasons), we can run:

sudo ufw allow 3389

If we’re using nftables to filter system connections, run the following command to open the required port:

sudo nft add rule inet filter input tcp dport 3389 ct state new,established counter accept

To boost security, configure Xrdp to listen solely on localhost and set up an SSH tunnel that securely passes communication from the local system on port 3389 to the server on the same port.

Another safe method is to use OpenVPN to connect to the Xrdp server over a private network.

Connecting to the Xrdp Server

Now that we’ve configured the Xrdp server, it’s time to launch the Xrdp client and connect to it.

We can utilize the default RDP client if we have a Windows PC. In the Windows search box, type “remote” and then choose “Remote Desktop Connection.” This launches the RDP client. Enter the remote server’s IP address in the “Computer” column and click “Connect.”

Enter the username and password on the login screen and click “OK.” Once logged in, you should see the default Xfce desktop. It should look something like this:

We can now utilize the keyboard and mouse to interact with the remote XFCE desktop from the local PC.

If we’re running macOS, we can get the Microsoft Remote Desktop app from the Mac App Store. Linux users can use Remmina or Vinagre, which are RDP clients.

[Need assistance with similar queries? We are here to help]

Conclusion

To conclude we have now learned more about how to add RDP to the Debian firewall with the support of our Server management support services. Installing an Xrdp server allows us to control the Debian 10 server from our local desktop PC using a simple graphical interface.