Anyone - M$ Term Server behind iptables?
From: ERACC (junkmail_at_eracc.com)
Date: 11/04/03
Date: Tue, 04 Nov 2003 12:11:19 -0600

Greetings Gurus,

I am trying to help a friend of mine get his company's M$ Term Server
safely behind an iptables firewall. It needs to be able to be
accessed by the company Road Warriors but it was cracked recently and
now The Pointy Haired Bosses want it behind a firewall. He asked for
my help because he knows "you do Linux stuff". Which is true, but I
am an iptables novice. Especially when attempting to set up port
forwarding to a service behind the firewall. Why am I asking here
rather than he? Because his company Internet policy does not allow
posting to or reading USENET on the job. :-)

The NAT *is* working on the firewall because his LAN can get through
it to browse the WWW. Once we made sure NAT was working he also set
up Squid, with a little help from me, and that is working as well.
Now we are both trying to figure out how to get access to the M$ Term
Server set up and apparently can't figure it out. Here are the rules
in the firewall script as of now:

# Window$ Terminal $erver port forwarding
echo " - FWD: Forwarding Microsoft Term Server requests"
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3389 -j DNAT --to 192.168.0.10:3389
$IPTABLES -A FORWARD -p tcp -i $EXTIF --dport 3389 -d 192.168.0.10 -j ACCEPT

However, when his boss tried to access it from her home and her
remote office (at another of their locations) using the IP address of
the firewall it timed out. There are no messages in /var/log/messages
that have her home IP (a fixed IP address) or her remote office IP in
them which suggests to me that at least the packets are not being
DROPped and LOGged. So, we are missing something.

Is anyone in either of the groups to which this is posted
successfully accessing a M$ Term Server through an iptables firewall?
If so, PLEASE share the rules needed to do this.

TIA!

Gene (e-mail: gene \a\t eracc \d\o\t com)

--
Linux era4.eracc.UUCP 2.4.21-0.25mdk i686
11:46:43 up 3 days, 17 min, 8 users, load average: 0.00, 0.05, 0.02
ERA Computer Consulting - http://www.eracc.com/
eCS, OS/2, Mandrake GNU/Linux, OpenServer & UnixWare resellers
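
One way to narrow down where the forwarded connection stops, as an added example that is not part of the original post: `iptables-save -c` prints every rule with a `[packets:bytes]` counter, so comparing the DNAT and FORWARD counters for port 3389 shows which stage the packets actually reach. The dump below is constructed, and the interface name `eth0` and the function names `rule_pkts` and `diagnose` are assumptions.

```shell
#!/bin/sh
# Added example: locate where forwarded port-3389 traffic stops, using the
# per-rule packet counters printed by `iptables-save -c`.

# Constructed sample (not from the original post; eth0 is assumed): the DNAT
# rule matched 4 packets, but the FORWARD ACCEPT rule matched none.
SAMPLE='*nat
:PREROUTING ACCEPT [120:9000]
[4:240] -A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.10:3389
COMMIT
*filter
:FORWARD DROP [4:240]
[0:0] -A FORWARD -d 192.168.0.10/32 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT'

# rule_pkts CHAIN TARGET PORT: sum packet counters of matching rules on stdin.
rule_pkts() {
    awk -v chain="$1" -v target="$2" -v port="$3" '
        /^\[/ {
            split(substr($1, 2), c, ":")          # "[pkts:bytes]" -> c[1]=pkts
            hit_chain = 0; hit_target = 0; hit_port = 0
            for (i = 2; i < NF; i++) {
                if ($i == "-A" && $(i+1) == chain) hit_chain = 1
                if ($i == "-j" && $(i+1) == target) hit_target = 1
                if ($i == "--dport" && $(i+1) == port) hit_port = 1
            }
            if (hit_chain && hit_target && hit_port) total += c[1]
        }
        END { print total + 0 }'
}

# diagnose PORT: read `iptables-save -c` text on stdin, print the failing stage.
diagnose() {
    dump=$(cat)
    dnat=$(printf '%s\n' "$dump" | rule_pkts PREROUTING DNAT "$1")
    fwd=$(printf '%s\n' "$dump" | rule_pkts FORWARD ACCEPT "$1")
    if [ "$dnat" -eq 0 ]; then
        echo "no-packets-at-dnat"        # never arrives: upstream filter, wrong IP or interface
    elif [ "$fwd" -eq 0 ]; then
        echo "dnat-hit-forward-miss"     # rewritten, then stopped by an earlier FORWARD rule or policy
    else
        echo "forwarded"                 # passed on: check the server's return route
    fi
}

printf '%s\n' "$SAMPLE" | diagnose 3389
```

On a live firewall the input would be `iptables-save -c | diagnose 3389` run as root after a connection attempt; only the first packet of each connection traverses the nat table, so the DNAT counter counts attempts rather than total packets.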