Session Remote Host Address Showing Loopback

Keywords: Apache Guacamole - Virtual Machines - Technical issue - Other
bnsupport ID: 503055f3-dec1-de72-ebc2-c6db44281428
Description:
This is regrading the “Remote Host” column in “Active
Sessions” and “History”.

I notice that when connecting from LAN it displays the ipv4 loopback address of 127.0.0.1 and when connecting from outside the network the ipv6 loopback of 0:0:0:0:0:0:0:1.

I found searching this link talking about:

http://mail-archives.apache.org/mod_mbox/guacamole-user/201901.mbox/<OF131EA17B.2A84ABAC-ON85258386.006A8545-85258386.006C59D8@simard.ca>

But i could not find de nginx file configuration for first step.

Could somebody help me?

In catalina.out i can see:

11:44:39.091 [http-nio-8080-exec-8] INFO o.a.g.r.auth.AuthenticationService - User “sistemas” successfully authenticated from [192.168.0.117, 0:0:0:0:0:0:0:1].

Ipv4 IP is shown in log but not in active connections

Hi, @pjgoni.

I was able to reproduce your issue. However, I was only able to reproduce it in the OVA, but not in other platforms. Note that we are following the official guidelines to configure Guacamole.

This machine uses Apache instead of Nginx, and you can see in your /opt/bitnami/apache2/conf/bitnami/bitnami-ssl.conf and /opt/bitnami/tomcat/conf/server.xml that the configuration is done as stated in the official documentation.

We will continue investigating this issue and why it only happens on a local single VM, but in the meantime, I suggest you to ask in the official Guacamole support channels in case someone is able to help you.

Regards,
Alejandro

Thanks for your reply.

Im going to ask in the Official Guacamole Channels, but may i can help with some comments:

1 - The real IP is shown in Catalina.out, then IP is arriving to tomcat but not to apache.
2 - I could not find the parameter proxy_set_header in apache conf. This parameter has to be set
according to documentation.
3 - There was some changes in 1.0.0 release compatibility notes http://guacamole.apache.org/releases/1.0.0/#hostname-logging-within-database

You was able to reproduce the issue only in a VM machine, then: what is the difference between this and other platforms that you run?

Hi @pjgoni,
This error is quite weird.

That configuration is for nginx, this image uses apache, and for apache it is not needed.

That is configured too as indicated here: https://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip.

But I have found an issue with that in this scenario.
Could you try this workaround, edit /opt/bitnami/tomcat/conf/server.xml and look for this group of lines:

<Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies="127.0.0.1"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto" />

and replace the interalProxies line by:

               internalProxies="127.0.0.1|0:0:0:0:0:0:0:1|::1"

and restart tomcat.

sudo /opt/bitnami/ctlscript.sh restart tomcat

There should be not any difference at all, but we will check why is happening this.

I want to thanks again for your answer!

The workaround solve the problem!

You rocks!!!

Thanks!

I’m glad this worked, @pjgoni. The explanation for this is that Tomcat was receiving the IPv6 address of the Apache proxy, but only 127.0.0.1 (IPv4) was configured as an internal proxy. Since the proxy IP was 0:0:0:0:0:0:0:1 instead, Tomcat wouldn’t trust it and would show its IP.

Regards,
Alejandro

cristal clear!!

Regards,
Pablo