Re: Anyone - M$ Term Server behind iptables?
From: tutaepaki (reply_at_newsgroup.not.me)
Date: 11/04/03
Date: Tue, 4 Nov 2003 20:58:30 +0000 (UTC)
ERACC <junkmail@eracc.com> wrote in
news:pan.2003.11.04.18.31.38.815761@era4.eracc.UUCP:
> On Tue, 04 Nov 2003 12:11:19 -0600, ERACC wrote:
>
>> Greetings Gurus,
>>
>> I am trying to help a friend of mine get his company's M$ Term Server
>> safely behind an iptables firewall. [...]
>
>> Now we are both trying to figure out how to get access to the M$ Term
>> Server set up and apparently can't figure it out. Here are the rules
>> in the firewall script as of now:
>>
>> # Window$ Terminal $erver port forwarding echo " - FWD:
>> Forwarding Microsoft Term Server requests" $IPTABLES -t nat -A
>> PREROUTING -i $EXTIF -p tcp --dport 3389 -j DNAT --to
>> 192.168.0.10:3389 $IPTABLES -A FORWARD -p tcp -i $EXTIF --dport 3389
>> -d 192.168.0.10 -j ACCEPT
>
> ICK! That looks terrible. Pan is apparently rewrapping my outgoing
> text w/o my ok. :-(
>
> This should look better:
>
> # Window$ Terminal $erver port forwarding
>
> echo " - FWD: Forwarding Microsoft Term Server requests"
>
> $IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3389 -j DNAT --to 192.168.0.10:3389
>
> $IPTABLES -A FORWARD -p tcp -i $EXTIF --dport 3389 -d 192.168.0.10 -j ACCEPT
>
> [...]
>
> Gene (e-mail: gene \a\t eracc \d\o\t com)

I don't see a rule which permits the responses from your TS in the
FORWARD chain, e.g.:

$IPTABLES -A FORWARD -p tcp -i $INTIF --sport 3389 -s 192.168.0.10 -m state --state ESTABLISHED -j ACCEPT
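
Added example (not part of the original posts): a small Python model of the FORWARD chain, showing why the terminal server's replies are dropped without the return rule and that the ESTABLISHED match still blocks server-initiated traffic. Assumptions: the FORWARD policy is DROP and no other rule in the elided script matches, eth0/eth1 stand in for $EXTIF/$INTIF, and 203.0.113.5 is a constructed client address.

```python
import shlex

# Flags from the thread's FORWARD rules, mapped to packet fields.
FLAGS = {"-p": "proto", "-i": "in_if", "-s": "src", "-d": "dst",
         "--sport": "sport", "--dport": "dport", "--state": "state",
         "-j": "target"}

def parse_rule(line):
    """Parse the small subset of iptables syntax used in the thread."""
    tok, rule, i = shlex.split(line), {}, 0
    while i < len(tok):
        if tok[i] in FLAGS:
            rule[FLAGS[tok[i]]] = tok[i + 1]
            i += 2
        else:
            i += 1  # skip "iptables", "-A FORWARD", "-m state"
    return rule

def verdict(rule_lines, packet, policy="DROP"):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in map(parse_rule, rule_lines):
        matches = all(
            packet[k] in v.split(",") if k == "state" else packet[k] == v
            for k, v in rule.items() if k != "target")
        if matches:
            return rule["target"]
    return policy

# Assumed values: eth0 = $EXTIF, eth1 = $INTIF, 203.0.113.5 = remote client.
INBOUND_RULE = ("iptables -A FORWARD -p tcp -i eth0 --dport 3389 "
                "-d 192.168.0.10 -j ACCEPT")
RETURN_RULE = ("iptables -A FORWARD -p tcp -i eth1 --sport 3389 "
               "-s 192.168.0.10 -m state --state ESTABLISHED -j ACCEPT")

# Constructed packets as the FORWARD chain sees them (after DNAT).
REQUEST = {"proto": "tcp", "in_if": "eth0", "src": "203.0.113.5",
           "dst": "192.168.0.10", "sport": "50000", "dport": "3389",
           "state": "NEW"}
REPLY = {"proto": "tcp", "in_if": "eth1", "src": "192.168.0.10",
         "dst": "203.0.113.5", "sport": "3389", "dport": "50000",
         "state": "ESTABLISHED"}
UNSOLICITED = dict(REPLY, state="NEW")  # server-initiated, not a reply

def check(rule_lines):
    """Verdicts for (client request, server reply, unsolicited server packet)."""
    return tuple(verdict(rule_lines, p) for p in (REQUEST, REPLY, UNSOLICITED))

if __name__ == "__main__":
    print("original rules:  ", check([INBOUND_RULE]))
    print("with return rule:", check([INBOUND_RULE, RETURN_RULE]))
```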