Re: [fw-wiz] Nat+Port Forwarding

• Previous message: Martin Schoeman: "[fw-wiz] Nat+Port Forwarding"
• In reply to: Martin Schoeman: "[fw-wiz] Nat+Port Forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Amiel David" <damiel@iname.com>
To: <martin@i-online.co.za>, <firewall-wizards@honor.icsalabs.com>
Date: Fri, 14 Mar 2003 19:05:49 +0100

A command like this would be sufficient :

iptables -t nat -A PREROUTING -p tcp --dport 3389 -i ppp0 -j DNAT --to
X.X.X.X (priv8 ip of your w2k)

regards,

David

----- Original Message -----
From: "Martin Schoeman" <martin@i-online.co.za>
To: <firewall-wizards@honor.icsalabs.com>
Sent: Friday, March 14, 2003 9:03 AM
Subject: [fw-wiz] Nat+Port Forwarding

> Hi
>
> I have a W2K server on my internal LAN xxx.xxx.xxx.xxx (private ip) I
> am using iptables and need to connect from the outside to the W2K
> server using MS Terminal Service. I need to open and forward port 3389
> TCP and UDP for this to work as far as I know
>
> This is what I came up with so far.
>
> *nat -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination
> xxx.xxx.xxx.xxx -A POSTROUTING -o eth0 -j SNAT --to-source
> yyy.yyy.yyy.yyy(servers external card) p --dport 3389 -j DNAT
> --to-destination xxx.xxx.xxx.xxx
>
> *filter -A FORWARD -p tcp -m tcp --dport 3389 -j ACCEPT -A FORWARD -p
> udp -m udp --dport 3389 -j ACCEPT -A INPUT -p tcp -m tcp -s 0/0
> --dport 3389 -j ACCEPT -A INPUT -p udp -m udp -s 0/0 --dport 3389 -j
> ACCEPT
>
> Any help would be much appreciated
> Martin Schoeman
>
>
>
>
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Martin Schoeman: "[fw-wiz] Nat+Port Forwarding"
• In reply to: Martin Schoeman: "[fw-wiz] Nat+Port Forwarding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: iptables: blocking network access for certain UIDs gives error. ... > you're familiar with iptables. ... > rule will match something using the owner module, ... > "stealthing" is a complete waste of time, I wouldn't DROP the packet ... (Fedora) Re: Serious issue with Outlook 2003 and SBS 2003, I need help ... > Well David, ... > I don't care about cached mode on my workstations, ... >> disconnect and reconnect on the fly and Outlook doesn't mind. ... >> Regards, ... (microsoft.public.windows.server.sbs) Re: CDatabase CRecordset - How to get the number of rows? ... Best Regards, ... David ... "Roy Fine" wrote: ... > What is the value of dataStr in the CRecordset::Open call. ... (microsoft.public.vc.mfc) Re: Nikkor 18-200 VR? Satisfied? Comments? ... Regards, David ... Can it be done in batch mode on a folder full of 18-200mm pictures? ... (rec.photo.digital.slr-systems) Re: Authenticode Timestamp Protocol ... Alon - contact us offline through your local channel; ... > Thank you David, ... > If I get the protocol I will implement it so we can use Authenticode. ... > Best Regards, ... (microsoft.public.platformsdk.security)