
I have a webservice exposed to the LAN. I have Virtual Machines on this network that I allow external access through Citrix.

From the remoting PC, I need the ability to pivot that connection to port forward the webservice allowing me to access the API. Currently, it is possible to access the webserver like so:

Dev PC --> VM (RDP) --> Webserver

I need to use this connection so I can connect to it like so, where --> represents the connection through the VM rather than physically on the VM:

Dev PC --> Webserver

What I have tried:

I have added an entry to my Dev PC hosts file pointing at the LAN IPv4 of the webserver like so:

some.webserver.local     10.10.13.3

I am now reading the Citrix documentation on the gateway connection but cannot find any information on how to make this possible.

Has anyone done this before and knows the solution? Any help appreciated.

Jaquarh
  • Do you have a scheme like this: `Dev PC --(ICA)--> Citrix Server --(RDP)--> VM Server --(HTTP)--> Webserver`? – Daemon-5 Jun 23 '22 at 01:34
  • I suppose the question pivots about [tunneling](https://stackoverflow.com/questions/228992/i). – Daemon-5 Jun 23 '22 at 02:18
  • I cannot change the configuration, nor install additional binaries like SSH. I have a Dev PC which I then spin up Citrix and connect to a VM to then open the browser and manually have to interact with a server on that network. Is it possible to do something like you can with SSH (passing the `-L` flag) only with Citrix? My goal is, on my Dev PC, I can just open a browser and navigate to that same webservice - I hope that is more clear, it is likely not possible but worth an ask @Daemon-5 – Jaquarh Jun 23 '22 at 18:24
  • You can implement your own tunnel mechanism using local file write. The transitional files are files stored on `Dev PC` (\\client\[disk]\[Folder]\[File]) and `Citrix Server` (\\tsclient\[disk]\[Folder]\[File]). But you have to understand that this mechanism is a hack-trick. It breaks server infrastructure security. So if you really have to interact with `Web server` you should query the necessary access: Citrix Netscaler, VPN, etc. – Daemon-5 Jun 24 '22 at 03:00
  • So it would be possible to establish the RDP connection, place a program in `\\tsclient\c\Temp` that forwards any HTTP requests to the webservice which I then call from `Dev PC` directly? @Daemon-5 – Jaquarh Jun 24 '22 at 06:39
  • It is possible. But I didn't find any suitable solution. So you should write your own tunneling mechanism like [rdp2tcp](https://github.com/V-E-O/rdp2tcp). I think it would be a duplex solution. The server module writes the response to a file (or a sequence of files). Another module reads the files on the client side. The query module writes the request to a file (or a sequence of files). Another module reads it on the server side. So you have to design an exchange protocol based on RW-file procedures. I think Powershell is the most suitable engine on an RDP server with no administrative privileges. – Daemon-5 Jun 24 '22 at 07:03
  • Really appreciate the substantive research you're providing, I will look to attempt this through the RDP session. @Daemon-5 – Jaquarh Jun 24 '22 at 19:39

0 Answers