LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-05-2006, 02:35 AM   #1
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Rep: Reputation: 15
Iptables configuration


Hi Guys,

I am seeking some advice on a IPTABLES. I would like to setup a ip forwarding on my linux network router running RHEL 4, my question is, how do i setup a ip forwarding for an external remote client using RDP (Windows). let say i have a computer inside my network and i want to remote the computer from the internet using the rdp protocol. how do i do this on iptables?

I have this syntax, and for some reason it didn't work.

iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389

iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT

NOTE:
13.0.0.1 is my router's private ip
 
Old 10-05-2006, 06:07 AM   #2
grezly
Member
 
Registered: May 2006
Distribution: Slackware
Posts: 46

Rep: Reputation: 15
Maybe try the -i switch for you (external) interface.

Maybe you can cut you private ip out of the command.
 
Old 10-07-2006, 01:01 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by gurl4sh25
Hi Guys,

I am seeking some advice on a IPTABLES. I would like to setup a ip forwarding on my linux network router running RHEL 4, my question is, how do i setup a ip forwarding for an external remote client using RDP (Windows). let say i have a computer inside my network and i want to remote the computer from the internet using the rdp protocol. how do i do this on iptables?

I have this syntax, and for some reason it didn't work.

iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389

iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT

NOTE:
13.0.0.1 is my router's private ip
so basically you just need to forward port 3389/tcp to an internal box??

if so, then it would go like this (make sure your FORWARD policy is set to DROP):
Code:
iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 3389 \
-d $WAN_IP -j DNAT --to-destination $LAN_RDP_BOX

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -p TCP -i $WAN_IFACE -o $LAN_IFACE --dport 3389 \
-d $LAN_RDP_BOX -m state --state NEW -j ACCEPT
 
Old 10-09-2006, 08:14 AM   #4
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
You may need to turn ip forwarding on in the kernel as well:

Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
 
Old 10-10-2006, 12:55 AM   #5
gurl4sh25
Member
 
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115

Original Poster
Rep: Reputation: 15
Hi Guy,

I'ved already setup the ip forwarding to 1, in which fotoguy suggested, and regarding what win32sux said, i already tried the code, but still doesn't work. here is the complete details that i'm trying to do.

LAN IP = 13.0.0.20 = eth1
WAN IP = 192.168.102.83 = eth2

TARGET IP for RDP = 192.168.102.11

_______
I'ved tried the code:

iptables -t nat -A PREROUTING -p TCP -i eth2 --dport 3389 -d 192.168.102.83 -j DNAT --to-destination 192.168.102.11

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -p TCP -i eth1 -o eth2 --dport 3389 -d 192.168.102.11 -m state --state NEW -j ACCEPT
---------------

Any idea?
 
Old 10-10-2006, 01:20 AM   #6
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Could you post the whole iptables script you are using? if your not using a script only the default that comes with the distro, could you post the results of this command:

Code:
iptables -L
Also i'm trying to get an understanding of your network configuration so I can help you better. Is this router connecting your network to your ISP's network. Or is this router inside your network creating another subnet so you can test inside your network first?

I'm just curious about your LAN and WAN IP's, your LAN ipaddress is a reservered A class public address and your WAN is a reservered class C private address, is this just for the purpose of us helping out, or are they the actual addresses. Also there is no eth0 card, all ethernet cards in unix/linux start at eth0, this could also be part of the problem.

Last edited by fotoguy; 10-10-2006 at 01:53 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables configuration linuxhippy Slackware 11 03-18-2006 03:59 PM
iptables configuration help mousie Linux - Security 2 09-01-2005 01:57 PM
iptables configuration props666999 Linux - Security 3 08-28-2005 02:32 PM
iptables configuration tungaw2001 Linux - Networking 2 04-15-2004 03:01 PM
iptables configuration know Linux - Networking 2 05-25-2003 04:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration