Old 03-10-2006, 12:26 PM   #1
astroboiii
Member
 
Registered: Feb 2004
Posts: 83

Rep: Reputation: 15
Linux port blocking problem


Hi there,
I seem to be having issues opening certain ports on my linux box, fedora core 3. The problem particularly is with remote desktop'ing to my home computer from my work computer. All the necessary ports are open from my home computer as I can access that from anywhere but work. I have a windows station next to me (my co-worker) and I can log into home through there just fine. Yet every time I try (using rdesktop) with my fedora box it simply will not log in and instead times out.

I've tried disabling iptables as well as adding port 3389 (same port I opened on my home router obviously) on my linux box and still nothing.

Is there a default firewall that I don't know about in fedora which is blocking this port?

Thank you in advance for any help
 
Old 03-10-2006, 01:16 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
If you want to access your windows box which is sitting on your LAN behind your linux PC from a windows box on the internet you'll need to do some port forwarding. Are you saying it works from your friend's PC at work, but not your work PC? Can you post the output of iptables -L -v so we can see what your firewall is doing?
 
Old 03-10-2006, 02:18 PM   #3
astroboiii
Member
 
Registered: Feb 2004
Posts: 83

Original Poster
Rep: Reputation: 15
Thank you for the speedy reply,

The following is iptables -L -v (remember I stopped the iptables service)

[root@localhost tests]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@localhost tests]#


Also, I have done all the necessary port-forwarding as I can remote to my pc machine from anywhere else BUT my linux box at work. Also, to be more clear, from my work I CAN connect from my friend's windows machine, but not my linux box.
 
Old 03-10-2006, 02:30 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
Unless your /etc/hosts.allow /etc/hosts.deny files on the Linux box are blocking your work PC, which doesn't sound likely, it could be the connection outbound from your work PC is being blocked by its own firewall. Is it a Windows XP PC with the firewall turned on?

You could install ethereal on your work PCs and your Linux PC - then watch the packet traces to see the packets leaving each Windows box and whether they arrive at the Linux box. Also, turn on firewall logging (on the Windows PCs) to see if packets are being dropped.
 
Old 03-10-2006, 02:54 PM   #5
astroboiii
Member
 
Registered: Feb 2004
Posts: 83

Original Poster
Rep: Reputation: 15
Sorry I must've been unclear again. My home pc is a Windows XP machine and I can always connect from that, from anywhere (including the windows machines at work.) The only sites that I cannot access my windows machine at home from seems to be my Linux box at work.

Hope that was a little clearer.
 
Old 03-10-2006, 03:09 PM   #6
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
My mistake - I thought your Linux box was between the 2 Windows boxes.

Do you have ethereal on the boxes though? It sounds like there is nothing blocking the packets along the way since the Windows PC at work can connect to your home PC. I haven't used rdesktop - but ethereal will confirm for you that the packets from the Linux box are reaching the Windows box (and on what port).

Can you use rdesktop to connect to the Windows PC beside you at work?
 
Old 03-10-2006, 03:20 PM   #7
astroboiii
Member
 
Registered: Feb 2004
Posts: 83

Original Poster
Rep: Reputation: 15
I was thinking ethereal too so I could watch the packets and see where they terminate, but I don't remember if it was a bitch to install and get going or not so I tried looking for a simpler solution.

As for trying to remote from my linux box to my co-worker's pc machine, she doesn't have a remote desktop server active and I can't ask her to give me permission (I kinda hacked into her pc when she was out to lunch to check if I could mstsc home lol)

So... yah I think it's something very simple, I guess if worse comes to worse I could ethereal the situation but I'm trying to avoid that =\
 
Old 03-10-2006, 03:35 PM   #8
cleidh_mor
Member
 
Registered: Mar 2005
Location: Glasgow, Scotland
Distribution: SuSE
Posts: 70

Rep: Reputation: 15
Hi AstroBoii,

What happens if you telnet from your work PC to your home PC on port 3389? If you get connected (i.e. you don't get an error message) then the network side of things is fine and it's something to do with the application. Try something like

Code:
 >telnet my.home.pc.ip 3389

replacing my.home.pc.ip with your home PC's IP address.
 
Old 03-10-2006, 03:49 PM   #9
astroboiii
Member
 
Registered: Feb 2004
Posts: 83

Original Poster
Rep: Reputation: 15
Telnet'ing didn't work, but should it? Port 3389 isn't set up to accept telnet's, only rdp's. Maybe I'm just understanding wrong, can you telnet to any port to test its availability or does the port have to be set up to accept incoming telnet requests (this is the way I understand it for some reason I could be wrong).
 
Old 03-10-2006, 04:01 PM   #10
cleidh_mor
Member
 
Registered: Mar 2005
Location: Glasgow, Scotland
Distribution: SuSE
Posts: 70

Rep: Reputation: 15
Quote:
Originally Posted by astroboiii
Telnet'ing didn't work, but should it? Port 3389 isn't set up to accept telnet's, only rdp's. Maybe I'm just understanding wrong, can you telnet to any port to test its availability or does the port have to be set up to accept incoming telnet requests (this is the way I understand it for some reason I could be wrong).

You can telnet to any port to check it's open. You just won't necessarily be able to do anything with it.

Try checking your linux box logs for iptables blocks. If you got a "connection refused" message straight away, that is a definite sign of a firewall somewhere blocking you. A "connection timed out" is a bit more vague, you could still have a firewall in the way, but it could also be that the server at the other end didn't respond quickly enough.

You could also try a traceroute to your home pc and see how far it gets. I don't hold out much hope for this, as ICMP tends to be blocked on corporate firewalls. From the linux box try

Code:
 >tracepath my.home.pc.ip
If your colleague is away from her PC, you could also try the same from her machine and compare results

Code:
 >tracert my.home.pc.ip
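
The refused-versus-timed-out distinction from the post above, as an added example that is not part of the original thread: a small shell helper that attempts one TCP connection and names the outcome. It assumes bash and coreutils `timeout` are installed; `probe_tcp` and `classify_probe` are hypothetical names, and `my.home.pc.ip` is the thread's placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): probe one TCP port and report whether
# the connection opened, was refused, or timed out.
# Assumption: bash and coreutils `timeout` are available on the client.
# Usage: probe_tcp my.home.pc.ip 3389

# classify_probe STATUS OUTPUT
# Prints one of: open | refused | timeout | unreachable | error
classify_probe() {
    status=$1
    output=$2
    if [ "$status" -eq 0 ]; then
        echo open                 # the TCP handshake completed
    elif [ "$status" -eq 124 ]; then
        echo timeout              # `timeout` gave up: nothing answered at all
    else
        case $output in
            *"Connection refused"*)
                echo refused ;;   # something answered with a reset/reject
            *"No route to host"*|*"Network is unreachable"*)
                echo unreachable ;;
            *"timed out"*)
                echo timeout ;;   # the kernel gave up before our own timer
            *)
                echo error ;;     # e.g. name resolution failed
        esac
    fi
}

# probe_tcp HOST PORT [SECONDS]
probe_tcp() {
    host=$1
    port=$2
    secs=${3:-5}
    # bash's /dev/tcp pseudo-device does a plain connect(); no data is sent.
    output=$(timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>&1)
    classify_probe "$?" "$output"
}
```

Running it from both the Linux box and a machine that can connect gives directly comparable one-word results.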
 
Old 03-10-2006, 04:10 PM   #11
astroboiii
Member
 
Registered: Feb 2004
Posts: 83

Original Poster
Rep: Reputation: 15
Probably should've mentioned it but I've tried tracepath before and I get nowhere, (here's a post anyways just to illustrate the point).

[root@localhost tests]# tracepath astroboiii.no-ip.org
1: 192.168.0.203 (192.168.0.203) 0.494ms pmtu 1500
1: no reply
2: no reply
3: no reply
4: no reply
5: no reply
...

Here is the conclusion I've come to. I know that we have a main firewall for all incoming/outgoing packets which come in and out of the building (obviously). Only those "higher" ups which can work from home and the lot have their IPs entered into the main firewall and the rest have been blocked (like me). But the strange part that I can't seem to understand is that, the windows machine that I used was of a sales rep...I'm not 100% certain they would give them remote access from home as... all they do is answer phones and deal with bs. But hey you never know. Also, every day I come to work I have to unplug someone's cable from their NIC and pop it in mine, and the person I'm pop'ing the cable out from sometimes DOES have a connection and sometimes doesn't (it's a different pc I pop the cable out of each time depending on availability). So I'm going to test which one of them has it and if it'll work on my device (barring it's not mac filtered (who would take it that far really!))

Other than that I cannot think of why the heck else I can't remote home!? Iptables are stopped and all portscans I do yield results of failure all over the place so I'm open with my @ss in the air ready to get fu_ _ed but still nothing =\
 
Old 03-10-2006, 06:44 PM   #12
cleidh_mor
Member
 
Registered: Mar 2005
Location: Glasgow, Scotland
Distribution: SuSE
Posts: 70

Rep: Reputation: 15
Quote:
Originally Posted by astroboiii
So I'm going to test which one of them has it and if it'll work on my device (barring it's not mac filtered (who would take it that far really!))

Other than that I cannot think of why the heck else I can't remote home!? Iptables are stopped and all portscans I do yield results of failure all over the place so I'm open with my @ss in the air ready to get fu_ _ed but still nothing =\
It's not likely to matter what cable you use unless some of your colleagues are in different VLANs and the firewall is configured to allow access for some of the VLANs and not others. If your linux box is set to use a static IP, you could try reconfiguring it to get a DHCP address or try a different static. I take it there's no chance of getting someone to look at the firewall for you?

Another option is running an SSH server on your windows machine and tunneling the RDP connection through SSH, but to be honest, I've only ever done that the other way round i.e. windoze client to linux server. Presumably you have web access so you could always try VNC over the web - there are a few alternatives to RDP. If you have to stick with RDP, try changing the port to something else. Choosing something obscure like 10010 might get you through the firewall.

Just an aside - be *very* careful doing portscans in work. If whoever maintains the firewall finds portscans in his log, he's likely to assume you're an inside hacker and may take exception to the traffic.
 
  

