Re: Filtered Port


 



Rob Sterenborg wrote:
> On Tue, January 31, 2006 15:17, Scott Mayo wrote:
>> Rob Sterenborg wrote:
>>> On Tue, January 31, 2006 14:55, Scott Mayo wrote:
>>>> I am not sure if this is my iptables or not, but I am not sure where
>>>> else to look or ask.  I am trying to use Remote Desktop on a
>>>> computer.  From inside my network, it works fine, but once I get
>>>> outside, I cannot use it.  I have set my IPTABLES to forward anything
>>>> going to port 3389 to the computer that is using Remote Desktop.
>>>>
>>>> The problem seems to be that port 3389 is filtered.  I can find
>>>> nothing in my iptables where I have this port filtered.  Are there
>>>> some generic ports that IPTABLES filters on its own or something?  If
>>>> the IPTABLES are not filtering it, what else could be?
>>>
>>> You allow forwarding to this host but you also need to DNAT these
>>> packets from the internet IP to the IP of your computer.
>>>
>>> $ipt -t nat -A PREROUTING -i <if_inet> -d <ip_inet> \
>>>  -p tcp --dport 3389 -j DNAT --to <ip_controlled_host>
>>
>> Maybe I used the wrong word when I said 'forward'.  This is the rule
>> that I have in place and it does not seem to be working.  I assumed
>> that it was because the port is filtered, or that is what NMAP tells
>> me when I run it.
>>
>> I still have no idea why port 3389 is shown as being filtered.  I
>> have no rules in my iptables that explicitly filter it.
>
> In that case you may want to allow forwarding ;-)..
>
> $ipt -A FORWARD -i <if_inet> -o <if_lan> -d <ip_controlled_host> \
>   -p tcp --dport 3389 -j ACCEPT


This did not let it go through either. It must not be the iptables causing it. I took everything out of my rules except for the PREROUTING rule above and my POSTROUTING rule for SNAT and I am getting the same thing.

I am not sure what else would be blocking this, unless it is the upstream ISP. I don't think it is, but I have sent them an email to make sure. Only thing this machine is used for is to be a filter using IPTABLES, Squid and Dansguardian.

Hopefully it has something to do with my ISP, but I really doubt it.

Thanks for the help.

--
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.

