LinuxQuestions.org

Linux - Security: Iptables configuration (http://www.linuxquestions.org/questions/linux-security-4/iptables-configuration-489604/)

gurl4sh25 10-05-2006 02:35 AM

Iptables configuration
 
Hi Guys,

I am seeking some advice on iptables. I would like to set up IP forwarding on my Linux network router running RHEL 4. My question is, how do I set up IP forwarding for an external remote client using RDP (Windows)? Let's say I have a computer inside my network and I want to remote into that computer from the Internet using the RDP protocol. How do I do this with iptables?

I have this syntax, and for some reason it didn't work.

iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389

iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT

NOTE:
13.0.0.1 is my router's private ip

grezly 10-05-2006 06:07 AM

Maybe try the -i switch for your (external) interface.

Maybe you can cut your private IP out of the command.

win32sux 10-07-2006 01:01 AM

Quote:

Originally Posted by gurl4sh25
Hi Guys,

I am seeking some advice on iptables. I would like to set up IP forwarding on my Linux network router running RHEL 4. My question is, how do I set up IP forwarding for an external remote client using RDP (Windows)? Let's say I have a computer inside my network and I want to remote into that computer from the Internet using the RDP protocol. How do I do this with iptables?

I have this syntax, and for some reason it didn't work.

iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389

iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT

NOTE:
13.0.0.1 is my router's private ip

So basically you just need to forward port 3389/tcp to an internal box?

If so, then it would go like this (make sure your FORWARD policy is set to DROP):
Code:

# Rewrite the destination of RDP packets arriving on the WAN interface
iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 3389 \
-d $WAN_IP -j DNAT --to-destination $LAN_RDP_BOX

# Let replies and related traffic through in both directions
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow the new RDP connection itself (FORWARD sees the post-DNAT address)
iptables -A FORWARD -p TCP -i $WAN_IFACE -o $LAN_IFACE --dport 3389 \
-d $LAN_RDP_BOX -m state --state NEW -j ACCEPT


fotoguy 10-09-2006 08:14 AM

You may need to turn ip forwarding on in the kernel as well:

Code:

echo "1" > /proc/sys/net/ipv4/ip_forward
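The pieces from win32sux's rules and fotoguy's ip_forward note, put together as one script. This is an added example, not code from the thread: the interface names, addresses and the allowed source network (eth0/203.0.113.10 on the WAN side, eth1 and 192.168.1.50 on the LAN side, 198.51.100.0/24 as the only network allowed to reach RDP) are assumptions chosen for illustration. It restricts the forward to a source network rather than the whole Internet, logs what FORWARD drops so a failure is visible, and persists ip_forward in /etc/sysctl.conf so the setting survives a reboot. By default it only prints the rules; set APPLY=1 and run it as root to apply them.

```shell
#!/bin/sh
# Added example: generate, optionally apply, and check an iptables DNAT
# port-forward for RDP (3389/tcp) on a two-NIC Linux router.
# All names and addresses below are assumptions for illustration.
#
# Usage: ./rdp_forward.sh           # dry run, prints the rules
#        APPLY=1 ./rdp_forward.sh   # apply as root

WAN_IFACE="${WAN_IFACE:-eth0}"
WAN_IP="${WAN_IP:-203.0.113.10}"
LAN_IFACE="${LAN_IFACE:-eth1}"
LAN_RDP_BOX="${LAN_RDP_BOX:-192.168.1.50}"
# Management network allowed to reach RDP. Never leave this at 0.0.0.0/0:
# an RDP port open to the whole Internet is brute-forced within hours.
ALLOWED_SRC="${ALLOWED_SRC:-198.51.100.0/24}"

# Print the rule set, one iptables command per line.
rdp_rules() {
    # 1. Rewrite the destination of RDP packets arriving on the WAN side.
    printf '%s\n' "iptables -t nat -A PREROUTING -i $WAN_IFACE -p tcp -s $ALLOWED_SRC -d $WAN_IP --dport 3389 -j DNAT --to-destination $LAN_RDP_BOX:3389"
    # 2. Default-deny forwarding, as win32sux advised.
    printf '%s\n' "iptables -P FORWARD DROP"
    # 3. Replies and related traffic, in both directions.
    printf '%s\n' "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 4. The new RDP connection itself. FORWARD runs after PREROUTING, so it
    #    must match the rewritten (LAN) destination, not the WAN address.
    printf '%s\n' "iptables -A FORWARD -i $WAN_IFACE -o $LAN_IFACE -p tcp -s $ALLOWED_SRC -d $LAN_RDP_BOX --dport 3389 -m state --state NEW -j ACCEPT"
    # 5. Log whatever falls through to the DROP policy (rate-limited).
    printf '%s\n' "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FWD-DROP: '"
}

# Current kernel setting, or "unknown" when /proc is not available.
ip_forward_state() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then
        cat /proc/sys/net/ipv4/ip_forward
    else
        echo unknown
    fi
}

# Runtime switch plus the persistent value read from /etc/sysctl.conf at boot.
enable_ip_forward() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
        sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    fi
}

# Packet counters show whether the DNAT rule is matching at all; a zero
# counter on PREROUTING means the packet never reached this box on that
# interface, a hit there but none on FORWARD means the FORWARD rule is wrong.
show_counters() {
    iptables -t nat -L PREROUTING -n -v
    iptables -L FORWARD -n -v
}

apply_or_print() {
    rdp_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            eval "$cmd"
        else
            echo "$cmd"
        fi
    done
}

if [ "${APPLY:-0}" = "1" ]; then
    enable_ip_forward
    apply_or_print
    show_counters
else
    apply_or_print
fi
echo "ip_forward is currently: $(ip_forward_state)"
```

Two things outside iptables break this setup more often than the rules do: the RDP box must use the router's LAN address as its default gateway (otherwise the DNATed reply leaves by another path and conntrack never sees it), and the Windows firewall on that box must accept 3389/tcp from the source addresses involved. Check both before reading the FORWARD counters.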

gurl4sh25 10-10-2006 12:55 AM

Hi Guys,

I've already set ip forwarding to 1, as fotoguy suggested, and regarding what win32sux said, I already tried the code, but it still doesn't work. Here are the complete details of what I'm trying to do.

LAN IP = 13.0.0.20 = eth1
WAN IP = 192.168.102.83 = eth2

TARGET IP for RDP = 192.168.102.11

_______
I've tried the code:

iptables -t nat -A PREROUTING -p TCP -i eth2 --dport 3389 -d 192.168.102.83 -j DNAT --to-destination 192.168.102.11

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -p TCP -i eth1 -o eth2 --dport 3389 -d 192.168.102.11 -m state --state NEW -j ACCEPT
---------------

Any idea?

fotoguy 10-10-2006 01:20 AM

Could you post the whole iptables script you are using? If you're not using a script, only the default that comes with the distro, could you post the results of this command:

Code:

iptables -L
Also I'm trying to get an understanding of your network configuration so I can help you better. Is this router connecting your network to your ISP's network? Or is this router inside your network creating another subnet so you can test inside your network first?

I'm just curious about your LAN and WAN IPs: your LAN IP address is a reserved class A public address and your WAN is a reserved class C private address. Is this just for the purpose of us helping out, or are they the actual addresses? Also there is no eth0 card; all Ethernet cards in Unix/Linux start at eth0, which could also be part of the problem.
