firewall-cmd --permanent --zone=public --add-port=3389/tcp

启动xrdp
#/etc/xrdp/xrdp.sh start ?
重启xrdp
#/etc/xrdp/xrdp.sh restart

关闭防火墙,或者打开防火墙3389端口
# systemctl stop firewalld.service
# systemctl disable firewalld.servie
或者打开3389端口
# firewall-cmd --permanent --zone=public --add-port=3389/tcp

[20170819-01:19:02] [INFO ] starting xrdp with pid 14818
[20170819-01:19:02] [INFO ] listening to port 3389 on 0.0.0.0

[root@localhost ~]# netstat -antup|grep xrdp
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 14818/lt-xrdp

[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=3389/tcp
success

[root@localhost ~]# systemctl status xrdp.service
● xrdp.service - xrdp daemon
Loaded: loaded (/usr/lib/systemd/system/xrdp.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:xrdp(8)
man:xrdp.ini(5)

可以看到，xrdp服务启动了，防火墙的3389端口也打开了，但是，mstsc远程登录不行。

[root@localhost ~]# systemctl stop firewalld.service

防火墙停掉以后，就可以远程登录了。不知道为什么？