10-05-2006, 03:35 AM
|
#1
|
Member
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115
Rep:
|
Iptables configuration
Hi Guys,
I am seeking some advice on IPTABLES. I would like to set up IP forwarding on my Linux network router running RHEL 4. My question is, how do I set up IP forwarding for an external remote client using RDP (Windows)? Let's say I have a computer inside my network and I want to remote the computer from the internet using the RDP protocol. How do I do this on iptables?
I have this syntax, and for some reason it didn't work.
iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389
iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT
NOTE:
13.0.0.1 is my router's private ip
|
|
|
10-05-2006, 07:07 AM
|
#2
|
Member
Registered: May 2006
Distribution: Slackware
Posts: 46
Rep:
|
Maybe try the -i switch for your (external) interface.
Maybe you can cut your private IP out of the command.
|
|
|
10-07-2006, 02:01 AM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by gurl4sh25
Hi Guys,
I am seeking some advice on IPTABLES. I would like to set up IP forwarding on my Linux network router running RHEL 4. My question is, how do I set up IP forwarding for an external remote client using RDP (Windows)? Let's say I have a computer inside my network and I want to remote the computer from the internet using the RDP protocol. How do I do this on iptables?
I have this syntax, and for some reason it didn't work.
iptables -t nat -A PREROUTING -p tcp --dport 3389 -d 13.0.0.1 -j DNAT --to X.X.X.X:3389
iptables -A FORWARD -p tcp --dport 3389 -d X.X.X.X -j ACCEPT
NOTE:
13.0.0.1 is my router's private ip
|
So basically you just need to forward port 3389/tcp to an internal box?
If so, then it would go like this (make sure your FORWARD policy is set to DROP):
Code:
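# DNAT: rewrite RDP connections arriving on the WAN side to the internal box
iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 3389 \
  -d $WAN_IP -j DNAT --to-destination $LAN_RDP_BOX
# Allow packets that belong to connections already being tracked
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow the first packet of a new RDP connection from the WAN to the LAN box
iptables -A FORWARD -p TCP -i $WAN_IFACE -o $LAN_IFACE --dport 3389 \
  -d $LAN_RDP_BOX -m state --state NEW -j ACCEPT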
|
|
|
10-09-2006, 09:14 AM
|
#4
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
You may need to turn ip forwarding on in the kernel as well:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
|
|
|
10-10-2006, 01:55 AM
|
#5
|
Member
Registered: Apr 2006
Distribution: SuSE, RedHat, Fedora, CentOS, BSD
Posts: 115
Original Poster
Rep:
|
Hi Guy,
I've already set IP forwarding to 1, as fotoguy suggested, and regarding what win32sux said, I already tried the code, but it still doesn't work. Here are the complete details of what I'm trying to do.
LAN IP = 13.0.0.20 = eth1
WAN IP = 192.168.102.83 = eth2
TARGET IP for RDP = 192.168.102.11
_______
I've tried the code:
iptables -t nat -A PREROUTING -p TCP -i eth2 --dport 3389 -d 192.168.102.83 -j DNAT --to-destination 192.168.102.11
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p TCP -i eth1 -o eth2 --dport 3389 -d 192.168.102.11 -m state --state NEW -j ACCEPT
---------------
Any idea?
|
|
|
10-10-2006, 02:20 AM
|
#6
|
Senior Member
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291
Rep:
|
Could you post the whole iptables script you are using? If you're not using a script, only the default that comes with the distro, could you post the results of this command:
Also I'm trying to get an understanding of your network configuration so I can help you better. Is this router connecting your network to your ISP's network? Or is this router inside your network creating another subnet so you can test inside your network first?
I'm just curious about your LAN and WAN IPs: your LAN IP address is a reserved A class public address and your WAN is a reserved class C private address. Is this just for the purpose of us helping out, or are they the actual addresses? Also there is no eth0 card; all ethernet cards in Unix/Linux start at eth0, so this could also be part of the problem.
Last edited by fotoguy; 10-10-2006 at 02:53 AM.
|
|
|
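The thread ends without a diagnosis, so here is an added example (not code from any poster): a small Python model that walks a new RDP packet through nat/PREROUTING, the routing decision and filter/FORWARD for the rules tried in post #5. The prefix lengths in `IFACES` and the DROP policy (as win32sux advised) are assumptions, and only the iptables options used in this thread are modelled.

```python
import ipaddress
import shlex

# Addresses from post #5; the prefix lengths are assumptions (none are given).
IFACES = {"eth1": "13.0.0.20/8", "eth2": "192.168.102.83/24"}
POST5_RULES = [
    "iptables -t nat -A PREROUTING -p TCP -i eth2 --dport 3389 "
    "-d 192.168.102.83 -j DNAT --to-destination 192.168.102.11",
    "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A FORWARD -p TCP -i eth1 -o eth2 --dport 3389 "
    "-d 192.168.102.11 -m state --state NEW -j ACCEPT",
]
KEYS = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out", "-d": "dst",
        "--dport": "dport", "-j": "target", "--to-destination": "to",
        "--state": "state"}

def parse_rule(line):
    """Map one iptables command line to a dict of the options listed in KEYS."""
    tok = shlex.split(line)
    rule = {"table": "filter"}  # iptables defaults to the filter table
    rule.update({KEYS[f]: v for f, v in zip(tok, tok[1:]) if f in KEYS})
    return rule

def route_out(dst):
    """Egress interface: longest-prefix match over the connected subnets."""
    hits = [(ipaddress.ip_interface(a).network.prefixlen, name)
            for name, a in IFACES.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_interface(a).network]
    return max(hits)[1] if hits else None

def matches(rule, pkt):
    """A rule matches when every option it sets equals the packet's value."""
    return all(rule.get(k, pkt[k]) == pkt[k] for k in ("in", "out", "dst", "dport"))

def trace(lines, in_if, dst, dport, policy="DROP"):
    """Follow a NEW TCP packet: nat/PREROUTING, routing, then filter/FORWARD."""
    rules = [parse_rule(l) for l in lines]
    pkt = {"in": in_if, "out": None, "dst": dst, "dport": dport}
    for r in rules:
        if r["table"] == "nat" and r.get("chain") == "PREROUTING" and matches(r, pkt):
            pkt["dst"] = r["to"].split(":")[0]  # DNAT rewrites the destination
            break
    pkt["out"] = route_out(pkt["dst"])  # routing happens after PREROUTING
    for r in rules:
        if r["table"] == "filter" and r.get("chain") == "FORWARD" and \
                "NEW" in r.get("state", "NEW").split(",") and matches(r, pkt):
            return pkt["dst"], pkt["out"], r["target"]
    return pkt["dst"], pkt["out"], policy  # no rule matched: chain policy applies

if __name__ == "__main__":
    print(trace(POST5_RULES, "eth2", "192.168.102.83", "3389"))
```

Under these assumptions the trace returns `('192.168.102.11', 'eth2', 'DROP')`: the DNAT target sits on the same subnet as eth2, so the packet is routed back out eth2 and the `-i eth1 -o eth2` FORWARD rule never matches it.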