Problem getting connection to terminal Server behind router and firewall

Hello,

I have the following problem and would be grateful for any hint you can
give me:

Infrastructure:
===============

A router (AVM Fritz!Box Phone 7050) connected via broadband access to the
WWW, using a dynamic IP address. It's necessary to use this router because
it includes a VoIP telephone switchboard with QoS features.
External address: dynamic (WAN)
Internal address: 192.168.178.1

The dynamic address is published through a dyndns account.

Behind the router is my firewall (SuSE 9.3, iptables). The firewall is
based on "harry's script", which was modified a little.
eth0: 192.168.178.100 (connected to the router)
eth1: 192.168.1.100   (connected to my LAN)

At IP 192.168.1.101 there is a Microsoft Windows SBS Server 2003 including
the Terminal Server service, reached via MS Remote Desktop (port 3389).

ToDo:
=====

The Terminal Server should be reachable from the WWW.

This works fine as long as I don't have the Linux-Server in my network.
If I change the MS SBS-IP to 192.168.178.101 for example and configure the
router to forward all TCP 3389 requests to 192.178.101, everything works as
it should.

Problem:
========

Once the Linux firewall is between the router and the MS SBS, Terminal Server
access is not possible (all client services, HTTP, HTTPS, POP3, IMAP..., work
fine).

I tried two ways:

1. Configure the router to forward all TCP 3899 requests to the firewall
(192.168.178.100). On the firewall I put the setting:
iptables -t nat PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.101:3389
and (another try)
iptables -t nat PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.101

2. Configure the router to forward all TCP requests directly to the MS SBS
(192.168.1.101)
Firewall:
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT

In both ways I tried to include source/destination IP and incoming/outgoing
devices, but without any positive results. Which way should I follow
generally?

Some packets get through the firewall using both solutions (I can see
incoming connections in the Terminal Server's log files), but no correct
connection can be established.

Thanks for your help
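
Added example, not part of the original post: a DNAT port forward through a filtering firewall needs three pieces (the destination rewrite in nat/PREROUTING, a FORWARD accept for the rewritten packet, and a FORWARD accept for reply traffic), and this script audits an `iptables-save` dump for each. The function name `audit_forward` and the sample dump are constructed for illustration; the addresses and interfaces are the ones from the post, and a FORWARD policy of DROP is assumed.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output for a complete forward of
# tcp/3389 from eth0 (router side) to 192.168.1.101 on eth1 (LAN side).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.101:3389
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.101/32 -i eth0 -o eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT'

# audit_forward DUMP PORT DEST
# Prints one "missing: ..." line per absent piece; prints nothing if complete.
# Only rule presence is checked, not rule order or earlier DROP rules.
audit_forward() {
    dump=$1; port=$2; dest=$3
    nat=$(printf '%s\n' "$dump" | sed -n '/^\*nat/,/^COMMIT/p')
    filter=$(printf '%s\n' "$dump" | sed -n '/^\*filter/,/^COMMIT/p')

    # 1. nat/PREROUTING must rewrite the destination to the internal host.
    printf '%s\n' "$nat" | grep -- '^-A PREROUTING ' \
        | grep -- "--dport $port " \
        | grep -qF -- "-j DNAT --to-destination $dest" \
        || echo "missing: DNAT in nat/PREROUTING for tcp/$port -> $dest"

    # 2. After DNAT the packet traverses FORWARD with the new destination,
    #    so the filter table must accept it there.
    printf '%s\n' "$filter" | grep -- '^-A FORWARD ' \
        | grep -- "--dport $port " \
        | grep -q -- '-j ACCEPT' \
        || echo "missing: FORWARD accept for tcp/$port"

    # 3. Replies from the internal host have source port $port, not
    #    destination port $port, so they need a connection-tracking accept.
    printf '%s\n' "$filter" | grep -- '^-A FORWARD ' \
        | grep -E -- '--(ct)?state [A-Z,]*ESTABLISHED' \
        | grep -q -- '-j ACCEPT' \
        || echo "missing: FORWARD accept for ESTABLISHED reply traffic"
}

# Audit the constructed dump; a complete rule set produces no output.
audit_forward "$SAMPLE_DUMP" 3389 192.168.1.101
```

On a live firewall the first argument would be the output of `iptables-save`, and forwarding additionally requires `/proc/sys/net/ipv4/ip_forward` to be 1.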



