Iptables configuration
Hi Guys,
I am seeking some advice on iptables. I would like to set up IP forwarding on my Linux network router running RHEL 4. My question is: how do I set up IP forwarding for an external remote client using RDP (Windows)? Let's say I have a computer inside my network and I want to remote into the computer from the internet using the RDP protocol. How do I do this with iptables? I have this syntax, and for some reason it didn't work.
Code:
iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389
iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT
NOTE: 13.0.0.1 is my router's private IP.
Maybe try the -i switch for your (external) interface.
Maybe you can cut your private IP out of the command.
Quote:
If so, then it would go like this (make sure your FORWARD policy is set to DROP):
Code:
iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 3389 \
You may need to turn ip forwarding on in the kernel as well:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
Hi Guy,
I've already set IP forwarding to 1, as fotoguy suggested, and regarding what win32sux said, I already tried the code, but it still doesn't work. Here are the complete details of what I'm trying to do.
LAN IP = 13.0.0.20 = eth1
WAN IP = 192.168.102.83 = eth2
TARGET IP for RDP = 192.168.102.11
I've tried the code:
Code:
iptables -t nat -A PREROUTING -p TCP -i eth2 --dport 3389 -d 192.168.102.83 -j DNAT --to-destination 192.168.102.11
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p TCP -i eth1 -o eth2 --dport 3389 -d 192.168.102.11 -m state --state NEW -j ACCEPT
Any idea?
Could you post the whole iptables script you are using? If you're not using a script, only the default that comes with the distro, could you post the results of this command:
Code:
iptables -L
I'm just curious about your LAN and WAN IPs: your LAN IP address is a reserved class A public address and your WAN is a reserved class C private address. Is this just for the purpose of us helping out, or are they the actual addresses? Also, there is no eth0 card; all ethernet cards in Unix/Linux start at eth0. This could also be part of the problem.
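An added example, not part of the thread and not any poster's code: an offline check that each DNAT rule in an iptables-save listing has a FORWARD ACCEPT rule matching the translated packet (inbound interface, destination, port). The function names `opt` and `check_dnat` and both rule samples are constructed here; the first sample restates the rules posted above in iptables-save syntax.

```sh
# Added example, not from the thread. Reads iptables-save syntax on stdin only.
# opt RULE FLAG: print the word following FLAG in RULE (nothing if absent).
# The body is a subshell, so IFS and the positional parameters stay local.
opt() (
    IFS=' '; set -f; flag=$2; val=
    set -- $1
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then val=$2; break; fi
        shift
    done
    printf '%s' "${val%/32}"   # newer iptables-save prints hosts as a.b.c.d/32
)

# check_dnat: for each DNAT rule, look for a FORWARD ACCEPT rule matching the
# packet after translation: same inbound interface (or none named), destination
# equal to the DNAT target, same port (or none named). Status 1 on any mismatch.
check_dnat() (
    rules=$(cat); bad=0; set -f
    IFS='
'
    for d in $rules; do
        case $d in *"-j DNAT"*) ;; *) continue ;; esac
        in_if=$(opt "$d" -i); to=$(opt "$d" --to-destination)
        host=${to%%:*}; port=${to#"$host"}; port=${port#:}
        [ -n "$port" ] || port=$(opt "$d" --dport)
        found=no
        for f in $rules; do
            case $f in "-A FORWARD"*"-j ACCEPT"*) ;; *) continue ;; esac
            [ "$(opt "$f" -d)" = "$host" ] || continue
            f_if=$(opt "$f" -i); f_port=$(opt "$f" --dport)
            [ -z "$f_if" ] || [ "$f_if" = "$in_if" ] || continue
            [ -z "$f_port" ] || [ "$f_port" = "$port" ] || continue
            found=yes; break
        done
        if [ "$found" = yes ]; then echo "OK $in_if -> $host:$port"
        else echo "MISMATCH $in_if -> $host:$port"; bad=1; fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: the three rules from the post above, iptables-save style.
POSTED='-A PREROUTING -d 192.168.102.83 -i eth2 -p tcp --dport 3389 -j DNAT --to-destination 192.168.102.11
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 192.168.102.11 -i eth1 -o eth2 -p tcp --dport 3389 -m state --state NEW -j ACCEPT'
# Constructed variant: the FORWARD rule names the DNAT rule's inbound interface.
SWAPPED=$(printf '%s\n' "$POSTED" | sed 's/-i eth1 -o eth2/-i eth2 -o eth1/')
printf '%s\n' "$POSTED" | check_dnat || true    # MISMATCH eth2 -> 192.168.102.11:3389
printf '%s\n' "$SWAPPED" | check_dnat           # OK eth2 -> 192.168.102.11:3389
```

To check a real ruleset, pipe the output of `iptables-save` into `check_dnat`; a mismatch only drops traffic when the FORWARD policy is DROP.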