Restart bind after updating zonefile
ufw allow from [internal LAN] to [internal IP] port 22 ufw allow from [apache-VPN-IP] to [Guacamole-VPN-IP] port 8009 ufw enable So if your VPN address are 192.168.111.5 (Guacamole) and 192.168.111.10 (Apache2), your internal Guacamole address is 192.168.1.5 and your LAN is 192.168.1.0/24 the commands are: ufw allow from 192.168.1.0/24 to 192.168.1.5 port 22 ufw allow from 192.168.111.10 to 192.168.111.5 port 8009 ufw enable 5.
In a later guide I will also look into securing Apache with Mod Security and Mod-Spamhaus but this is beyond the scope of this guide.
I also have a VPN between my VPS and my internal server (so I don't need to expose my internal network to the internet), this is also out of the scope of this guide.
To use this guide you must have succesfully installed Guacamole inside your own network.
First off, I upgraded my Ubuntu machine to 14.04 first to enable SSH support.
We also need two specific packages to enable this: libpango2-1 and libssh2-1-dev Installing these was as easy as running apt-get install libpango2-1 libssh2-1-dev 1.