Terminal Services Port Forwarding
I am trying to forward port 3389 from my Linux machine (IP 10.30.10.201) to my WinXP machine (IP 10.30.10.200) and was wondering if someone could assist me in doing so. I've tried everything I can find but it just won't work. Any help would be greatly appreciated. Basically what I'm wanting to do is accept all incoming connections on port 3389 and forward them to my WinXP machine.
Stats on the Linux box: Red Hat 9.0, kernel 2.4.20, network card is eth0
I use iptables to do any forwarding.
Example. You must do this, and you must do it every time you reboot (it turns on forwarding):
    echo 1 > /proc/sys/net/ipv4/ip_forward
Then:
    iptables -A PREROUTING -p tcp --dport 3389 -j DNAT -to 10.30.10.200:3389
    iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
The 1st rule changes the destination of packets coming from anywhere going to port 3389 to the 10.30.10.200 machine; the second rule allows packets to be forwarded if they are bound for port 3389. If you need the same for UDP you can do the rules twice, but I think the second rule may not be needed if the default policy for the FORWARD chain is ACCEPT. But it will help if later you decide to get strict with your firewall rules and not allow any forwarding that you didn't explicitly set up yourself. Also you may want to put the iptables stuff in a file (shell script if you will) and then put a call to the script in your rc.local so that every time the machine boots, the rules get set without having to type them over each time.
Still no luck. I do a port scan using nmap and port 3389 isn't open on my machine.
I think the correct form is:
    iptables -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 10.30.10.200:3389
and the phrase ':3389' can be omitted.
I got it to work, here's what commands I used:
    iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 10.30.10.200:3389
    iptables -t nat -A POSTROUTING -p tcp --dport 3389 -j SNAT --to-source 10.30.10.201:3389
    iptables -A FORWARD -d 10.30.10.200 -i eth0 -o eth0 -p tcp --dport 3389 -m state --state INVALID,NEW,RELATED,ESTABLISHED -j ACCEPT
Please let me know if there is another way to achieve this using fewer lines.
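As an added example (not one of the posters' scripts), here is the rc.local-style script suggested earlier, written so it prints the rule set for review before anything is applied: ip_forward, DNAT on the incoming interface only, stateful FORWARD rules in both directions, and a POSTROUTING SNAT for the case where client and RDP host sit on the same interface (the -i eth0 -o eth0 situation above). The addresses match the thread; the allowed client network argument and function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed example: Linux router 10.30.10.201 (eth0) forwarding TCP/3389
# to the Windows RDP host 10.30.10.200. Not the thread author's code.
ROUTER_IP=10.30.10.201
RDP_HOST=10.30.10.200
WAN_IF=eth0
PORT=3389

# Emit the commands instead of running them, so they can be inspected or
# pasted into rc.local. $1 is the client source network allowed to connect;
# 0.0.0.0/0 reproduces the thread's "accept all incoming connections".
rdp_forward_rules() {
    allowed=${1:-0.0.0.0/0}
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -s $allowed --dport $PORT -j DNAT --to-destination $RDP_HOST:$PORT
iptables -A FORWARD -i $WAN_IF -p tcp -d $RDP_HOST --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -s $RDP_HOST --sport $PORT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -p tcp -d $RDP_HOST --dport $PORT -j SNAT --to-source $ROUTER_IP
EOF
}

# Apply the generated rules (needs root). The SNAT line is only required when
# replies from the RDP host would otherwise bypass the router, i.e. when the
# DNAT'd traffic goes back out the same interface it arrived on. With SNAT the
# RDP host's own logs show the router's address rather than the real client,
# so keep the router's iptables/conntrack logging if you need source attribution.
rdp_forward_apply() {
    rdp_forward_rules "$1" | sh -e
}

case "${1:-}" in
    apply) rdp_forward_apply "${2:-}" ;;
    show)  rdp_forward_rules "${2:-}" ;;
esac
```

Run `sh rdp_forward.sh show 203.0.113.0/24` to review the rules, then `apply` with the same network from rc.local.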
Use Shorewall
Hi there!
I am using Shorewall on my Win2K LAN router, and I do need to let some outsiders access the TS server. So, using Shorewall as the firewalling server, the rule is very simple (after you read the docs, you'll understand more :):
- one rule to accept incoming [3389] packets from the outsider (in this case, the outsider is 1.2.3.4) to the firewall (fw)
- one rule to DNAT all incoming packets to the TS (192.168.1.3)
Quote: