On April 27, 2004 07:46 pm, Frank Reichenbacher wrote: > > -----Original Message----- > > From: redhat-list-bounces@xxxxxxxxxx > > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Pete Nesbitt > > Sent: Tuesday, April 27, 2004 6:35 PM > > To: frank@xxxxxxxxxxx; General Red Hat Linux discussion list > > Subject: [redhat] Re: Remote Desktop/Firewall > > > > On April 27, 2004 06:06 pm, Frank Reichenbacher wrote: > > > I have pmfirewall (www.pointman.org) running on my RH 7.0 > > > > server/LAN > > > > > Router on a home office setup. It is a simple but effective > > > > ipchains > > > > > firewall script. > > > > > > I need to use my WinXP desktop on the inside of the home > > > > firewall to > > > > > communicate with my office WinXP, which is inside a > > > > firewalled router > > > > > on a Win2K LAN. The home side outernet IP is 66.93.153.62, > > > > innernet IP > > > > > 192.168.1.2. The office side outernet IP is 64.232.168.34, the > > > innernet IP is 192.168.1.103. > > > > > > I didn't see in the script a place that closes off the RDP > > > > port 3389 > > > > > specifically, so I added the following two rules at the end of the > > > script. > > > > > > $IPCHAINS -A input -p tcp -s 64.232.168.34 --source-port 3389 -d > > > 192.168.1.2 --destination-port 3389 -j ACCEPT > > > > > > I've also tried combinations of ports 0:65535, 3389 and there is no > > > difference. The logs show that the firewall is denying a return of > > > bits from the 64.232.168.34 IP on port 65535. I am contacting the > > > remote network, but it is blocked on my end from returning any > > > packets. > > > > > > When I run ipchains from the prompt, I see that port 3389 > > > > is open to > > > > > 64.232.168.34, I don't seem to see anything that appears to deny it > > > afterwards. > > > > > > Frank > > > > Frank, > > Do you have input, forward and output chains for that port? > > (as I recall, > > ipchains needs all 3 to make the path thru the firewall) > > > > Your routers/gateways must be doing NAT on the outside > > (presuming an internet > > connection), so it is not a destination of 192.168.1.2 that > > the input chain > > needs to allow, it is destination 66.93.153.62 > > I'll check on the other stuff. If I allow 66.93.153.62, how do I then > get packets to 192.168.1.2? > > Frank It's been a while since I used IPchains, but I beleive you want something like: $IPCHAINS -A input -p tcp -s 64.232.168.34 -sport 3389 -d 66.93.153.62 -dport 3389 -j REDIRECT 192.168.1.2 $IPCHAINS -A forward -p tcp -d 192.168.1.2 -dport 3389 -j ACCEPT $IPCHAINS -A output -p tcp -d 192.168.1.2 -dport 3389 -j ACCEPT You should have a look at: http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/IPCHAINS-HOWTO.html -- Pete Nesbitt, rhce -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
