Connecting to Rustdesk server remotely

After watching Tom’s video, I have installed the rustdesk server on my homelab.

I am now wanting to set things up so that I can use it with clients outside of my network.

While I have set up the relevant port forwarding to the docker VM running rustdesk, I am not sure how it would work because the docker container does not appear to expose any ports.

WAN interface

Is there something that I am missing?

Rustdesk uses the host networks option which means the container directly uses the host’s network interfaces and ports. For example docker ps won’t show port mappings because there aren’t any explicit mappings.

If you run the command docker logs <container> you can see what ports it’s using.

```
docker logs c173efb13e2e
[2025-02-22 10:38:42.886158 +00:00] INFO [src/peer.rs:84] DB_URL=./db_v2.sqlite3
[2025-02-22 10:38:42.892779 +00:00] INFO [src/rendezvous_server.rs:99] serial=0
[2025-02-22 10:38:42.892784 +00:00] INFO [libs/hbb_common/src/config.rs:902] Generated new keypair for id: 
[2025-02-22 10:38:42.892802 +00:00] INFO [src/common.rs:45] rendezvous-servers=[]
[2025-02-22 10:38:42.892809 +00:00] INFO [src/rendezvous_server.rs:101] Listening on tcp/udp :21116
[2025-02-22 10:38:42.892812 +00:00] INFO [src/rendezvous_server.rs:102] Listening on tcp :21115, extra port for NAT test
[2025-02-22 10:38:42.892815 +00:00] INFO [src/rendezvous_server.rs:103] Listening on websocket :21118
[2025-02-22 10:38:42.893239 +00:00] INFO [src/rendezvous_server.rs:138] mask: None
[2025-02-22 10:38:42.893260 +00:00] INFO [src/rendezvous_server.rs:139] local-ip: ""
[2025-02-22 10:38:42.893273 +00:00] INFO [src/common.rs:45] relay-servers=[]
[2025-02-22 10:38:42.893347 +00:00] INFO [src/rendezvous_server.rs:153] ALWAYS_USE_RELAY=N
[2025-02-22 10:38:42.893366 +00:00] INFO [src/rendezvous_server.rs:185] Start
[2025-02-22 10:38:52.976299 +00:00] INFO [src/peer.rs:102] update_pk 64696232 [::ffff:172.16.16.192]:63344 b"6891cd93-47dc-44e9-8cd9-9f74894e4f58" b"\xca_\x8c\xa5\x85\xf5%\xd3\xd6s\xaa\x93\x97;^\xb8\x94\xd2\xd4\x98R\xbb\x1a\x0c\xaa\x19\x90\x82o\x03\x05\xbb"
[2025-02-22 10:38:52.979418 +00:00] INFO [src/peer.rs:130] pk updated instead of insert
[2025-02-22 10:48:06.378898 +00:00] INFO [src/rendezvous_server.rs:597] IP change of 64696232 from [::ffff:172.16.16.192]:56204 to [::ffff:10.13.13.192]:60184
[2025-02-22 10:48:06.382256 +00:00] INFO [src/peer.rs:102] update_pk 64696232 [::ffff:10.13.13.192]:60184 b"6891cd93-47dc-44e9-8cd9-9f74894e4f58" b"\xca_\x8c\xa5\x85\xf5%\xd3\xd6s\xaa\x93\x97;^\xb8\x94\xd2\xd4\x98R\xbb\x1a\x0c\xaa\x19\x90\x82o\x03\x05\xbb"
[2025-02-22 10:48:06.384101 +00:00] INFO [src/peer.rs:130] pk updated instead of insert
```

So I have that sorted in my head now 🙂 Within my network I can connect to the Rustdesk server but not from an external client.

My port forwarding looks as follows:

With the following rules on the WAN interface:

Not sure what I might be missing.

There is a typo in the ports for your setup, you have it going from 2118 not 21118.

Oops, thanks. Corrected that but still the same issue. I also added all the ports, including the Pro ones, in case I missed something.

But the ports still appear blocked externally when checked from https://canyouseeme.org/

The same happened with the other ports.

I tried disabling all blocking rules on my firewall and this made no difference.

My port forwarding works for my NginX on the other docker server so not sure what might be the issue here. I have confirmed no Linux firewall is running on the .12 box.

You have to set your source ports to any on your NAT rules. Those ports will always be random coming in.

Ok, so the two forwarding rules for Nginx Proxy Manager are breaking it for Rustdesk? I tried specifying 443 source port for NginX 443 port forward and 80 for the other but then my websites listed in NginX cannot be reached.

Unless you are using the pro version of Rustdesk there is no web interface and no reason to use a proxy.

Yes I realise, I just added all ports while I was troubleshooting in case I was missing something but I don’t seem to understand port forwarding like I thought I did as I can’t get through.

Did you set the source port to any in your port forward rules? That is your issue.

The Rustdesk ones yes, but for NginX proxy manager, when I set these to 443 and 80 respectively, I could not reach any of my sites listed in NginX.

That doesn’t make any sense. The source ports will always be random. It’s the destination that matters. This is why you cannot reach Rustdesk.

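The two fixes suggested in this thread (the 2118/21118 typo and leaving source ports as any), as an added example that is not part of any post: it reads the listener lines from the hbbs log above and checks a forward table against them. The rule table and the `audit` helper are constructed for illustration and are a simplified model of rule matching, not pfSense's own format.

```python
import re

# "Listening on" lines copied from the hbbs log in the post above.
HBBS_LOG = """\
[2025-02-22 10:38:42.892809 +00:00] INFO [src/rendezvous_server.rs:101] Listening on tcp/udp :21116
[2025-02-22 10:38:42.892812 +00:00] INFO [src/rendezvous_server.rs:102] Listening on tcp :21115, extra port for NAT test
[2025-02-22 10:38:42.892815 +00:00] INFO [src/rendezvous_server.rs:103] Listening on websocket :21118
"""

# Constructed port-forward table (hypothetical; the thread's real rules were screenshots).
# src_port None means "any".
RULES = [
    {"proto": "tcp", "src_port": None, "dst_port": 21115},
    {"proto": "tcp", "src_port": 21116, "dst_port": 21116},  # source port pinned
    {"proto": "udp", "src_port": None, "dst_port": 21116},
    {"proto": "tcp", "src_port": None, "dst_port": 2118},    # typo for 21118
]

LISTEN_RE = re.compile(r"Listening on (\S+) :(\d+)")
def required_listeners(log_text):
    """Return the set of (proto, port) pairs the server says it listens on."""
    needed = set()
    for kinds, port in LISTEN_RE.findall(log_text):
        for kind in kinds.split("/"):
            # A websocket listener is carried over TCP.
            proto = "tcp" if kind == "websocket" else kind
            needed.add((proto, int(port)))
    return needed

def rule_matches(rule, proto, src_port, dst_port):
    """Model of a forward rule match: protocol, destination port, then source port."""
    if rule["proto"] != proto or rule["dst_port"] != dst_port:
        return False
    return rule["src_port"] is None or rule["src_port"] == src_port

def audit(log_text, rules, client_src_port=51514):
    """List listeners an outside client on an ephemeral source port cannot reach."""
    findings = []
    for proto, port in sorted(required_listeners(log_text)):
        if any(rule_matches(r, proto, client_src_port, port) for r in rules):
            continue
        pinned = any(r["proto"] == proto and r["dst_port"] == port for r in rules)
        reason = "source port pinned" if pinned else "no rule for this port"
        findings.append((proto, port, reason))
    return findings

if __name__ == "__main__":
    for proto, port, reason in audit(HBBS_LOG, RULES):
        print(f"{proto}/{port}: unreachable ({reason})")
```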

I hear you but the Websites are working and Rustdesk not. I will pull it apart in the next few weeks and relook at things… I will also do some reading on port forwarding rules 🙂 Thanks for your direction and patience. I will update once I have worked out what I am doing … or rather once I understand this properly 🙂

I had previously used Rustdesk for remote access when away and I had it working beautifully when I was using nginx-proxymanager. Since then I have switched to using pfSense HA-Proxy and have not been able to get it to work.

This video prompted me to give Rustdesk another try and it definitely works as expected. I am currently using it to directly connect within my home lab network which uses VLANs. I have also tried directly connecting to my internal systems remotely and was surprised to see that it would connect without VPN.

  1. Does the remote connection work without VPN due to UDP hole punching? I’m assuming that this would only work since I have the ID/PWD of the target workstation.
  2. Would this also work if I had a family member install the Rustdesk client and they provided me the workstation ID/PWD?
  3. I have really struggled setting up the Rustdesk hbbs/hbbr services properly with an external domain using HA-Proxy. Any suggestions?

Thanks in advance for any help and/or suggestions.

Yes, as I understand it RustDesk utilizes hole punching techniques to establish direct peer-to-peer (P2P) connections between clients, aiming to minimize reliance on relay servers.

Specifically, RustDesk employs TCP hole punching to facilitate direct connections. The hbbs (RustDesk ID/Rendezvous server) listens on port 21116 for both TCP and UDP traffic. In this setup, TCP on port 21116 is used for hole punching and connection services, while UDP on the same port handles ID registration and heartbeat services.

Unless you are using the web interface for Rustdesk I don’t get why you would use a reverse proxy and I am not sure if the non-web part of their protocols would work via a proxy. They have a list of what ports need to be open here: Self-host :: Documentation for RustDesk


Thanks for the response, @LTS_Tom. Given your additional explanation, I’m not convinced I “need” the hbbs/hbbr services. If the UDP hole punching works as I have seen it, it does meet my needs. I have also tested it when I connect via Tailscale VPN and it works as well.

My only reason for considering setting up the hbbs/hbbr services via reverse proxy is to facilitate family remote support. But admittedly, in my case this is rare.

Thanks as always for the wonderful and helpful videos you post. I greatly appreciate it!!

Hi Tom,

I’m new to the Forum and would like to emphatically state that I love your YouTube content and presentation. To that end, I’ve watched and re-watched your RustDesk videos with the intent of moving away from my old go to TeamViewer which I use exclusively to provide tech support for friends and family.

I currently host other services on my Home Lab and (with your help) have had little trouble configuring those services using pfSense, HAProxy and LetsEncrypt via Static IPs from my ISP. Now I’d like to do the same with RustDesk and was wondering if I could coerce you into creating a video covering the topic. Specifically, I’m a bit confused as to how the RustDesk ports relate to the HAProxy Backend, Frontend configuration in pfSense.

Thanx again for your content and have a great day!


Unless you are using their paid service that offers a web interface then there is no need to use it with HAProxy or Let’s Encrypt.

So, is the idea to simply forgo SSL and open the Rustdesk ports in pfsense and add the CNAME in my provider for my purchased domain name? I want to give a FQDN to my friends/family when setting up their clients.

Yes, set up your domain to point to your IP and have the ports open in pfsense.