LinuxQuestions.org

IPtables forward (https://www.linuxquestions.org/questions/linux-newbie-8/iptables-forward-4175491159/)

mmhs 01-13-2014 03:15 PM

IPtables forward
 
Hi guys,

I have a problem with iptables.

I have a scenario like this:

192.168.20.1                                  172.16.20.10
Server1 ----------- Linux router ------------ XP Client

The default policy for the FORWARD chain in the Linux router is DROP.
When I add a rule to allow RDP to the XP client, it doesn't work.
I add a rule in the router:

Code:

# Rule added on the Linux router (state name corrected from "STABLISHED" to "ESTABLISHED")
iptables -I FORWARD -p tcp --dport 3389 -m state --state NEW,ESTABLISHED -j ACCEPT
But Server1 cannot connect to the XP client with RDP??
What should I do when the default policy for the FORWARD chain is DROP??

I have a rule

Ser Olmy 01-13-2014 04:57 PM

Your rule will not match return traffic. The port numbers in those packets will be reversed, as the XP system will respond by sending TCP packets from port 3389 to whatever source port was used by the RDP client.

You should have a general rule in the FORWARD chain handling only packets matching the ESTABLISHED state, and your other FORWARD rule will then just have to handle NEW packets. Remove the existing rules with iptables -F FORWARD and try this:
Code:

# Accept replies (and related traffic) for any connection conntrack already knows about
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the first packet of a new RDP connection needs an explicit port rule
iptables -A FORWARD -p tcp --dport 3389 -m state --state NEW -j ACCEPT
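As an added illustration (not part of the thread), the following Python model of FORWARD-chain evaluation with conntrack states shows why the original rule drops the XP client's reply while Ser Olmy's ordering accepts both directions; the ephemeral source port 50000 is a constructed value.

```python
# Minimal model of iptables FORWARD-chain evaluation with conntrack state,
# used to show why a "--dport 3389" rule never matches RDP return traffic.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    state: str  # conntrack state as seen by "-m state": NEW, ESTABLISHED or RELATED

@dataclass(frozen=True)
class Rule:
    states: frozenset                 # "-m state --state ..." (empty set = any state)
    dport: Optional[int] = None       # "-p tcp --dport N" (None = any port)
    target: str = "ACCEPT"

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return not self.states or pkt.state in self.states

def forward_verdict(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    # Rules are checked top to bottom; the first match wins, otherwise the chain policy applies.
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy

# Constructed packets for the RDP session in the thread (Server1 -> XP client).
SERVER1, XP = "192.168.20.1", "172.16.20.10"
SYN = Packet(SERVER1, XP, 50000, 3389, "NEW")              # ephemeral port 50000 is assumed
SYN_ACK = Packet(XP, SERVER1, 3389, 50000, "ESTABLISHED")  # reply: ports reversed

# Original rule from the question (state typo corrected): only dport 3389 is considered.
ORIGINAL = [Rule(frozenset({"NEW", "ESTABLISHED"}), dport=3389)]
# Ser Olmy's ruleset: a state-only rule first, then the NEW rule for port 3389.
FIXED = [Rule(frozenset({"ESTABLISHED", "RELATED"})),
         Rule(frozenset({"NEW"}), dport=3389)]

def session_allowed(chain: List[Rule]) -> bool:
    # RDP only works if both the initial packet and the reply are forwarded.
    return (forward_verdict(chain, SYN) == "ACCEPT"
            and forward_verdict(chain, SYN_ACK) == "ACCEPT")

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, forward_verdict(chain, SYN), forward_verdict(chain, SYN_ACK),
              session_allowed(chain))
```

Note that the NEW rule carries no -i/-o or -s/-d match, so it also admits connections to port 3389 initiated from the XP side; add an interface or address match if RDP should only be reachable in one direction.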


