Old 11-21-2013, 06:17 AM   #1
Registered: Aug 2012
Posts: 709

Iptables preventing me from connecting to virtualbox using remote desktop


I installed VirtualBox 4.3 on a CentOS 6.4 basic server (no GUI) box physically located on the LAN downstream of my hardware firewall. I wish to connect to it using Windows Remote Desktop Connection from only clients directly on my LAN. Currently, my hardware firewall doesn't port forward port 3389; however, I will probably later do so, but it will not forward to the server in question, but to one of the other Windows clients. If I turn iptables off, I can connect; however, when iptables is on, I cannot connect. Iptables is configured as follows. The CentOS server also acts as a webserver and FTP server, and I use webmin, thus I have ports 80 (and 443?), 22, and 10000 open. Not really sure what icmp is all about. Is iptables configured correctly, and if not, what should I change?

Thank you

[root@desktop ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --             tcp dpt:10000
ACCEPT     all  --             state RELATED,ESTABLISHED
ACCEPT     icmp --  
ACCEPT     all  --  
ACCEPT     tcp  --             state NEW tcp dpt:22
ACCEPT     tcp  --             state NEW tcp dpt:80
ACCEPT     tcp  --             state NEW tcp dpt:443
REJECT     all  --             reject-with icmp-host-prohibited
ACCEPT     tcp  --             tcp dpt:3389
ACCEPT     udp  --             udp dpt:3389

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@desktop ~]#
Old 11-22-2013, 02:39 AM   #2
Senior Member
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

The output you gave is a working setup?

You see the lines with POLICY in them? Those are the global rules that are effective when all other rules are passed. So having those on ACCEPT just doesn't do anything. Set those to DROP and you'll be safer.

To get the remote desktop to work, find out the port that's used and write an allow rule for it. This goes into the FORWARD rules, I assume, depending on how you set up the vbox network. Else write rules for the INPUT and OUTPUT chains.

OUTPUT could be handled with connection tracking
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
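
Added example (not part of either post): iptables walks a chain top to bottom and stops at the first rule whose target ends traversal, so the position of the port 3389 rules in the listing in #1 matters. This sketch reads `iptables -S` output and flags rules placed after an unconditional ACCEPT/DROP/REJECT; the function names and the sample ruleset are constructed for illustration, modelled on that listing, with `-i lo` on the fourth rule assumed.

```shell
#!/bin/sh
# Added example: report rules that can never match because an earlier
# unconditional ACCEPT/DROP/REJECT in the same chain ends traversal first.
# Input: `iptables -S` output on stdin (one "-A CHAIN ..." line per rule).

shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        if (chain in stop) {   # an earlier catch-all already ended this chain
            printf "%s: shadowed by rule %d: %s\n", chain, stop[chain], $0
            next
        }
        n[chain]++
        target = ""; cond = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); i++ }
            else if ($i == "--reject-with") { i++ }  # REJECT option, not a match
            else cond = 1                             # anything else narrows the rule
        }
        if (!cond && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
            stop[chain] = n[chain]
    }'
}

# Constructed sample in `iptables -S` form, modelled on the INPUT chain in #1.
# "-i lo" is an assumption: `iptables -L -n` without -v does not show interfaces.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p udp -m udp --dport 3389 -j ACCEPT'

check_sample() {
    printf '%s\n' "$SAMPLE_RULES" | shadowed_rules
}

check_sample
```

On a live host the same function can be fed with `iptables -S | shadowed_rules`; rules appended with `-A` land at the end of the chain, after any existing catch-all.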


