Hi guys,

I want to remote-desktop into a windows box that happens to be hooked up to a linux server. The linux server uses a static IP.

I've already enabled remote-desktop on the windows machine, but am wondering what I need to do server-side to make the server's ip forward to the windows machine. I know this can be done with iptables but I'm not sure how to work it.

I believe I opened port 3389 - but I'm not sure that's enough.

Thanks for any help.

You will need a remote desktop client that it is capable of speaking Windows Terminal Services protocol. Check out this one called rdesktop, which claims to have this functionality.

I only need to access it from windows, windows-to-windows. I just need to set up the linux server to forward incoming connections to the computer it's attached to. Do I still require rdesktop on hte server...?

I read your post backwards. I thought you meant you wanted to view the Windows desktop remotely. If you wish to view the Linux desktop on Windows, there are several ways you can do this. VNC is one of the most common methods, but by default it does not use a secure connection so you will want to tunnel it over an SSH connection. The way that I have had the most success with is FreeNX. You can even use x-forwarding over SSH and use a program like Cygwin on the Windows machine.

The "remote desktop" options on Linux and Windows speak different protocols. Consequently, you need a third party tool to go between the two of them. Once you have the tool working, I would suggest turning off "remote desktop" or at least putting your firewall in front of it to prevent unintended access to your system. Also, it goes without saying, use either RSA keys or very strong passwords for this feature. One last thing, beware of uPnP on your router. If you have a remote desktop application with uPnP enabled, you could have an unsecured open port without even realizing it.

I think the OP is simply needing to set up port forwarding to a Windows box behind a Linux server.
This requires two iptables rules:
1) A rule to accept incoming requests to port 3389 e.g.
$IPTABLES -A INPUT -i $EXTIF -p tcp -s $EXTNET1 --dport 3389 -j ACCEPT
and
2) A rule to forward the request to the target Windows box e.g.
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3389 -j DNAT --to-destination $WINDOWSBOX

I am assuming that SNAT has already been enabled in the firewall with rules like:
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

Comment: The above is potentially very insecure.

Personally, I use a SSH tunnel with X forwarding and key authorisation to connect to my Linux server, and then run rdesktop on the server.

Thank you, that's just what I needed. I'll try this on the morrow and hopefully it will work.