Ahh, there is a reject at the bottom of the RH-Firewall-1-INPUT chain, so once that chain is referenced by FORWARD, you'll never come back to the subsequent rules. Put yours above those lines.
Hi Chris. I just want to be clear. Put the "Reference chain in FORWARD" below the chains I added there?
Thank you dear sir. Your steps and knowledge have helped me in, not only understanding the chains and tables better in iptables, but also understanding how the PREROUTING and POSTROUTING work.
One more question. What exactly is being MASQUERADED in the post routing? I'm still a little unclear with this.
Once again, thank you. Remote Desktop successfully works!
Masquerading is just shorthand for NATting to the address of the outbound interface. Saves attaching a dedicated IP for the NAT, etc. From the Windows box's perspective, it's the IP of the Linux box that it sees.
Ok, yep, I just purposely failed a login to Remote Desktop to see how it shows up. Yep, the Linux server IP shows up as the source IP. Is there a way to audit on the Linux side what the actual public IP is? Yes, I've controlled the source networks in the Forwarding, but it still would be nice to know which IPs are accessing Remote Desktop.
Sure, you can use a LOG target (or a ULOG one for more userspace interaction) to record new hits for the FORWARD action. Just copy the line you have in FORWARD, put it above the existing one, and change the target to `-j LOG`.
Again, note that if the Windows box was only ever able to reach your router via the Linux box and was on a different subnet only joined at that Linux server, then there would be no need to MASQ the traffic and you'd have full visibility of the source IP on the Windows box.
Last edited by acid_kewpie; 02-20-2012 at 03:04 AM.
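The audit suggested in the last reply, as an added example that is not part of the original thread: a LOG rule placed above the FORWARD accept rule, and a small script that tallies the original client addresses from the resulting kernel log lines. The port (3389), the log prefix `RDP-NEW: `, the interface names and all sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Hypothetical rule (the thread's real FORWARD rule is not shown), inserted
# above the existing accept rule for the forwarded Remote Desktop port:
#   iptables -I FORWARD 1 -p tcp --dport 3389 -m state --state NEW \
#            -j LOG --log-prefix "RDP-NEW: "
# FORWARD is traversed before POSTROUTING, so SRC= in the log line is still
# the client's public address, not the MASQUERADE address.

# Constructed sample kernel log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Feb 20 02:41:07 gw kernel: RDP-NEW: IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=4211 DF PROTO=TCP SPT=51514 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 20 02:41:09 gw kernel: SSH-NEW: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=901 DF PROTO=TCP SPT=40222 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Feb 20 02:43:30 gw kernel: RDP-NEW: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=77 DF PROTO=TCP SPT=49822 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 20 02:44:12 gw kernel: RDP-NEW: IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=4390 DF PROTO=TCP SPT=51533 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 20 02:44:58 gw kernel: RDP-NEW: IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.1.10 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=4502 DF PROTO=TCP SPT=51561 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0
EOF
}

# Read kernel log lines on stdin and print "count source-ip", busiest first.
# $1 is the --log-prefix used in the rule (defaults to the assumed one above).
rdp_sources() {
  awk -v prefix="${1:-RDP-NEW: }" '
    index($0, prefix) {               # only lines written by our LOG rule
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {     # fields are KEY=VALUE tokens
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt == "3389") hits[src]++
    }
    END { for (s in hits) print hits[s], s }
  ' | sort -k1,1nr -k2,2
}

# On a real gateway, feed it the kernel log instead of the sample,
# e.g. rdp_sources < /var/log/messages (path varies by distribution).
sample_log | rdp_sources
```

Matching a connection seen on the Windows side to a logged `SRC=` is then a matter of comparing timestamps, since the Windows box only ever records the Linux server's address.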