> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Pete Nesbitt
> Sent: Tuesday, April 27, 2004 6:35 PM
> To: frank@xxxxxxxxxxx; General Red Hat Linux discussion list
> Subject: [redhat] Re: Remote Desktop/Firewall
>
>
> On April 27, 2004 06:06 pm, Frank Reichenbacher wrote:
> > I have pmfirewall (www.pointman.org) running on my RH 7.0 server/LAN
> > Router on a home office setup. It is a simple but effective ipchains
> > firewall script.
> >
> > I need to use my WinXP desktop on the inside of the home firewall to
> > communicate with my office WinXP, which is inside a firewalled router
> > on a Win2K LAN. The home side outernet IP is 66.93.153.62, innernet IP
> > 192.168.1.2. The office side outernet IP is 64.232.168.34, the
> > innernet IP is 192.168.1.103.
> >
> > I didn't see in the script a place that closes off the RDP port 3389
> > specifically, so I added the following two rules at the end of the
> > script.
> >
> > $IPCHAINS -A input -p tcp -s 64.232.168.34 --source-port 3389 -d 192.168.1.2 --destination-port 3389 -j ACCEPT
> >
> > I've also tried combinations of ports 0:65535, 3389 and there is no
> > difference. The logs show that the firewall is denying a return of
> > bits from the 64.232.168.34 IP on port 65535. I am contacting the
> > remote network, but it is blocked on my end from returning any
> > packets.
> >
> > When I run ipchains from the prompt, I see that port 3389 is open to
> > 64.232.168.34, I don't seem to see anything that appears to deny it
> > afterwards.
> >
> > Frank
>
> Frank,
> Do you have input, forward and output chains for that port?
> (as I recall, ipchains needs all 3 to make the path thru the firewall)
>
> Your routers/gateways must be doing NAT on the outside (presuming an internet
> connection), so it is not a destination of 192.168.1.2 that the input chain
> needs to allow, it is destination 66.93.153.62

I'll check on the other stuff. If I allow 66.93.153.62, how do I then get
packets to 192.168.1.2?

Frank

> --
> Pete Nesbitt, rhce
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
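
An added illustration, not part of the original thread and not pmfirewall or ipchains code: a small Python model of rule matching that checks the posted input rule, and the 0:65535 variant Frank tried, against a reply packet as it arrives at the home firewall's outside address. It assumes the RDP session is opened from the home side and masqueraded; port 61234 is a constructed value, and `PUBLIC_DST` is a hypothetical rule that only mirrors the destination Pete names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HOME_PUBLIC, HOME_INSIDE = "66.93.153.62", "192.168.1.2"  # addresses from the thread
OFFICE_PUBLIC = "64.232.168.34"                            # address from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    """One ACCEPT rule: source/destination address plus inclusive port ranges."""
    src: str
    sports: tuple
    dst: str
    dports: tuple

    def mismatches(self, pkt):
        """Return the packet fields that stop this rule from matching."""
        bad = []
        if ip_address(pkt.src) not in ip_network(self.src):
            bad.append("src")
        if not self.sports[0] <= pkt.sport <= self.sports[1]:
            bad.append("sport")
        if ip_address(pkt.dst) not in ip_network(self.dst):
            bad.append("dst")
        if not self.dports[0] <= pkt.dport <= self.dports[1]:
            bad.append("dport")
        return bad

# Constructed sample: reply from the office RDP service to a masqueraded session.
# It is addressed to the firewall's outside IP and to the client-side port
# (61234 is made up), not to 192.168.1.2:3389.
REPLY = Packet(OFFICE_PUBLIC, 3389, HOME_PUBLIC, 61234)

POSTED = Rule(OFFICE_PUBLIC, (3389, 3389), HOME_INSIDE, (3389, 3389))      # rule as posted
ALL_PORTS = Rule(OFFICE_PUBLIC, (0, 65535), HOME_INSIDE, (0, 65535))       # the 0:65535 attempt
PUBLIC_DST = Rule(OFFICE_PUBLIC, (3389, 3389), HOME_PUBLIC, (1024, 65535)) # hypothetical

if __name__ == "__main__":
    for name, rule in (("posted", POSTED), ("0:65535", ALL_PORTS), ("public dst", PUBLIC_DST)):
        print(f"{name:10s} fails on: {rule.mismatches(REPLY) or 'nothing (matches)'}")
```

Opening the port ranges changes nothing because the destination address still fails to match, which is consistent with Frank seeing no difference between his attempts.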