remote controle

mrlinux2000 · 12-03-2008, 08:22 AM

i have two networks private 192.168.... and
public linux server which routing the privates to the net, using iptables , i want to give someone "support" remote control on one of my private pc ip:192.168.1.111 and the port is 3389 what rules should be applied ?

win32sux · 12-03-2008, 11:14 AM

It sounds like you basically want to forward port 3389/TCP. That would go something like:

Code:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i $WAN_IFACE -o $LAN_IFACE --dport 3389 \
-d 192.168.1.111 -m state --state NEW -j ACCEPT

iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 3389 -j DNAT \
--to-destination 192.168.1.111

iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

For a touch of security, I recommend you also specify the support person's public IP address so that only that IP is given access, like:

Code:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i $WAN_IFACE -o $LAN_IFACE --dport 3389 \
-d 192.168.1.111 -s 243.34.87.228 -m state --state NEW -j ACCEPT

iptables -t nat -A PREROUTING -p TCP -i $WAN_IFACE --dport 3389 -j DNAT \
--to-destination 192.168.1.111

iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE

mrlinux2000 · 12-21-2008, 08:40 AM

thank you so much

wilfgascon · 12-21-2008, 07:31 PM

win32sux - you are always very helpful and your answers are always informative. I shall bookmark this one for future use.

Thanks!