Old 07-14-2009, 07:16 AM   #1
srs2000
LQ Newbie
 
Registered: Jul 2009
Posts: 7

Rep: Reputation: 0
iptables, enable rdp only


Hi all, I am trying to write a simple script for Puppy Linux to enable just RDP, but with no joy at the moment, so any help would be much appreciated.

Here's the script so far, thanks in advance

iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 3389 -j ACCEPT

at the moment this seems to stop rdp from working at all!
 
Old 07-14-2009, 09:49 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
well the only RDP rule you have there says that traffic LEAVING this box going TO an RDP server is permitted. I assume that's not what you want, and actually want the INPUT table, not OUTPUT? You've not said that *ANYTHING* is allowed to reach your machine from the outside there.
 
Old 07-14-2009, 12:44 PM   #3
slugmax
Member
 
Registered: Nov 2008
Location: Southern Quebec
Distribution: Slackware, Debian, Ubuntu
Posts: 69

Rep: Reputation: 25
First ask yourself what you are trying to accomplish. Where is the RDP server, and who is trying to get to it? Then remember that the OUTPUT chain is for connections leaving the firewall. INPUT is for connections directly to the firewall, and FORWARD is for connections through the firewall.

With that in mind, and assuming you just want to let other boxes get to your RDP server (which is on your firewalled host), this would work:

Code:
...
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT
...
You can do something similar for your OUTPUT or FORWARD chains. Using the iptables state match (-m state) is always recommended, as it simplifies rules. It also increases security by avoiding the need to open up high ports for return traffic.

I have some commented iptables scripts you might find useful as a starting point here:

http://blog.unixlore.net/2006/03/lin...l-scripts.html
 
Old 07-16-2009, 05:11 AM   #4
srs2000
LQ Newbie
 
Registered: Jul 2009
Posts: 7

Original Poster
Rep: Reputation: 0
hi, so to clear up, I actually want to use this box to rdp out and that is all, so it will be used like a thin client.

So I figured I only need to open outbound, but that's not working!

cheers
 
Old 07-16-2009, 06:17 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1976
no it won't as the *OUTBOUND DESTINATION* is your client, not your server.
 
Old 07-16-2009, 10:34 AM   #6
srs2000
LQ Newbie
 
Registered: Jul 2009
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks guys, got it working, so here's the script below in case anyone else ever wants to do the same...

iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# loopback traffic in both directions
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# replies to connections already tracked by conntrack
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# new inbound connections to TCP 3389 (RDP into this box)
iptables -A INPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# new outbound connections to TCP 3389 (RDP from this box to a server)
iptables -A OUTPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT
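
For the thin-client case the poster describes (this box only ever connects out to an RDP server), the INPUT rule for NEW connections to 3389 in the script above is not needed and makes the client itself reachable on that port. The script below is an added example, not from the thread or from Puppy Linux: it keeps the stateful rules that fixed the original problem but only permits NEW connections outbound, and only to the one RDP server. It assumes the server is given as an IPv4 address (so no DNS rule is needed) and that IPT can be overridden to print the rules instead of loading them.

```shell
#!/bin/sh
# Egress-only iptables policy for an RDP thin client (added example).
# Assumptions: the RDP server address is supplied via RDP_SERVER, and
# IPT may be set to "echo" for a dry run that prints the rules.
IPT="${IPT:-iptables}"

rdp_client_rules() {
    server="$1"   # IPv4 address of the only RDP server this box may reach

    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # loopback is always allowed
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # replies to connections this box opened: the server's SYN-ACK is
    # ESTABLISHED, which is exactly what the first script in the thread
    # was dropping with its INPUT DROP policy
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # the only NEW connection permitted: this box -> the RDP server on TCP 3389.
    # Nothing NEW is accepted on INPUT, so the client is not reachable on 3389.
    $IPT -A OUTPUT -p tcp -d "$server" --dport 3389 -m state --state NEW -j ACCEPT

    # log (rate-limited) whatever the default DROP policy is about to discard,
    # so a blocked connection shows up in the kernel log instead of just hanging
    $IPT -A INPUT  -m limit --limit 5/min -j LOG --log-prefix "rdp-client drop IN: "
    $IPT -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "rdp-client drop OUT: "
}

# Load for real:  RDP_SERVER=192.0.2.10 sh rdp-client.sh   (needs root)
# Dry run:        IPT=echo RDP_SERVER=192.0.2.10 sh rdp-client.sh
if [ -n "${RDP_SERVER:-}" ]; then
    rdp_client_rules "$RDP_SERVER"
fi
```

Run the dry-run form first and compare the printed rules with `iptables -L -v -n` after loading; with the LOG rules in place, a refused connection leaves a "rdp-client drop" line in the kernel log.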
 