Hi,

Port 3389 is used with Windows XP remote desktop. The terminal services connection can also use ports 3390, 3391, ... Try to open these ports as well.

> Hello,
>
> I have got the following problem and would be happy about every hint you can
> give to me:
>
> Infrastructure:
> ===============
>
> A router (AVM Fritz!Box Phone 7050) connected via Broadband-Access to the WWW,
> using a dynamic IP address. It's necessary to use this router because it includes
> a VoIP telephone switchboard with QOS features.
> External Address: dynamic (WAN)
> Internal Address: 192.168.178.1
>
> The dynamic address is published through a dyndns account.
>
> After the router there is my firewall (SuSE 9.3, iptables). The firewall is based on
> a "harry's script" which was a little bit modified.
> eth0: 192.168.178.100 (connected to the router)
> eth1: 192.168.1.100 (connected to my LAN)
>
> With IP 192.168.1.101 there is a Microsoft Windows SBS Server 2003 including
> Terminal-Server Service, reached via MS-Remote-Desktop (Port 3389).
>
> ToDo:
> =====
>
> The Terminal-Server should be reached from the WWW.
>
> This works fine as long as I don't have the Linux-Server in my network.
> If I change the MS SBS-IP to 192.168.178.101 for example and configure the router to
> forward all TCP 3389 requests to 192.178.101, everything works as it should.
>
> Problem:
> ========
>
> After the Linux-Firewall is between router and MS SBS, Terminal-Server access is not
> possible (all client services HTTP, HTTPS, POP3, IMAP... work fine).
>
> I tried two ways:
>
> 1. Config the router to forward all TCP 3899 requests to the firewall (192.168.178.100).
>    On the firewall I put the setting:
>    iptables -t nat PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.101:3389
>    and (another try)
>    iptables -t nat PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.101
>
> 2. Config the router to forward all TCP requests directly to MS SBS (192.168.1.101).
>    Firewall:
>    iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
>
> On both ways I tried to include Source/Destination-IP, incoming/outgoing devices,
> but without any positive results. Which way should I follow generally?
>
> Some packages get through the firewall using both solutions (I can see incoming
> connections in the Terminal-Server's log files) but no correct connection can be
> established.
>
> Thanks for your help
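
For reference, the two pieces discussed in the quoted message (a DNAT rule on the firewall and a FORWARD accept) put together as one rule set; this is an added example, not part of the original thread. Interfaces, addresses and the port come from the post; `SRC_NET`, `IPT` and the function name `rdp_rules` are hypothetical, and the example assumes the script's FORWARD policy drops unmatched traffic and that the SBS uses the firewall (192.168.1.100) as its default gateway.

```shell
#!/bin/sh
# Added example: publish the terminal server through the Linux firewall.
# Topology from the post: router -> eth0 (192.168.178.100) | eth1 -> LAN.
WAN_IF=eth0
LAN_IF=eth1
FW_WAN_IP=192.168.178.100   # address the router forwards TCP 3389 to
TS_IP=192.168.1.101         # SBS / terminal server
TS_PORT=3389
# Hypothetical knobs: allowed client network, and a dry-run switch.
SRC_NET=${SRC_NET:-0.0.0.0/0}
IPT=${IPT:-echo iptables}   # prints the commands; set IPT=iptables to apply

rdp_rules() {
    # 1. nat/PREROUTING: rewrite the destination before the routing decision,
    #    so the packet is routed out of eth1 instead of delivered locally.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -s "$SRC_NET" \
        -d "$FW_WAN_IP" --dport "$TS_PORT" \
        -j DNAT --to-destination "$TS_IP:$TS_PORT"

    # 2. filter/FORWARD runs after DNAT, so it must match the rewritten
    #    destination (192.168.1.101), not the firewall's own address.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -s "$SRC_NET" \
        -d "$TS_IP" --dport "$TS_PORT" -m state --state NEW -j ACCEPT

    # 3. Replies from the server and later packets of accepted sessions.
    #    The replies must pass back through this firewall so conntrack can
    #    undo the DNAT; that is why the SBS gateway has to be 192.168.1.100.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Dry run by default: show what would be loaded.
rdp_rules
```

Running it with `SRC_NET` set to a known client network keeps port 3389 closed to everyone else; the packet counters in `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show which of the rules a connection attempt actually reaches.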