> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Pete Nesbitt
> Sent: Monday, May 03, 2004 8:11 AM
> To: frank@xxxxxxxxxxx; General Red Hat Linux discussion list
> Subject: Re: [redhat] Re: Remote Desktop/Firewall

<snip>

> > > It's been a while since I used IPchains, but I believe you want
> > > something like:
> > >
> > > $IPCHAINS -A input -p tcp -s 64.232.168.34 -sport 3389 -d 66.93.153.62 -dport 3389 -j REDIRECT 192.168.1.2
> > > $IPCHAINS -A forward -p tcp -d 192.168.1.2 -dport 3389 -j ACCEPT
> > > $IPCHAINS -A output -p tcp -d 192.168.1.2 -dport 3389 -j ACCEPT
> >
> > Here's what didn't generate error messages when I restarted the
> > firewall:
> >
> > $IPCHAINS -A input -p tcp -s 64.232.168.34 3389 -d 66.93.153.62 3389 -j REDIR 192.168.1.2 3389
> > $IPCHAINS -A forward -p tcp -d 192.168.1.2 3389 -j ACCEPT
> > $IPCHAINS -A output -p tcp -d 192.168.1.2 3389 -j ACCEPT
> >
> > (RH barks at REDIRECT)
> >
> > And then this is what shows up in /var/log/messages:
> >
> > May 2 19:35:25 mollynet kernel: Packet log: input DENY eth0 PROTO=47 64.232.168.34:65535 66.93.153.62:65535 L=65 S=0x00 I=52375 F=0x0000 T=54 (#42)
> >
> > It's always port 65535. It occurs to me that the Microsoft RDP is not
> > only using port 3389. I think my connection request is received by the
> > remote machine and then answered, but the firewall isn't allowing the
> > return packets to be received on the local machine. I've tried a dozen
> > configurations of port openings, but I admit that I have no idea of
> > what would be correct, and, of course, none of them work.
> <snip>
> > Frank
> >
>
> Frank,
> Aside from this RDP service, can you confirm the firewall is correctly
> passing packets? Is the routing table correct to pass things back and
> forth?

Yes absolutely.
I've been using this machine as a home network gateway and firewall (and
I run a website and email server on it, the latter even earns me money)
very successfully for about 2 years(?) Pmfirewall is great. Part of the
reason I'm so blindingly ignorant is that I haven't had to think about it.

> Are IP Masquerading & ICMP Masquerading both enabled in the kernel?

Yes definitely. I'm looking at the pmfirewall script, which consists of
several components. The initiating script specifically allows incoming
and outgoing icmp and then calls a masquerading script.

> Can you confirm the port exchanges for RDP (protocols and what the
> server uses as a source/destination when it responds?

I looked it up as best I could in several Internet sources and all I
could find is that RDP uses port 3389.

> IPForwarding should also be enabled. To enable it add the following to
> /etc/rc.local or execute at command:
> echo "1" > /proc/sys/net/ipv4/ip_forward

This statement is already in pmfirewall and it appears to run correctly.

> (if working 'cat /proc/sys/net/ipv4/ip_forward' will return "1")
>
> I remember ipchains had a rule testing command, there are also a number
> of options you may look at for status "ipchains -L forward" for example.

Here are the three statements I inserted at the end of the pmfirewall
script:

$IPCHAINS -A input -p tcp -s 64.232.168.34 3389 -d 66.93.153.62 3389 -j REDIR 192.168.1.2 3389
$IPCHAINS -A forward -p tcp -d 192.168.1.2 3389 -j ACCEPT
$IPCHAINS -A output -p tcp -d 192.168.1.2 3389 -j ACCEPT

Running "ipchains -L input" appears to show that the first statement
above is not loading, so that must be what the error message refers to
when I try to restart pmfirewall.

"ipchains -L input" shows (among other entries):

ACCEPT tcp anywhere 192.168.1.2 any-> 3389

"ipchains -L output" shows (among other entries):

ACCEPT tcp anywhere 192.168.1.2 any-> 3389

Now I strongly suspect there is something wrong with the syntax of the
input statement.
I tried several different variations, but could not find one that would
appear to do what I want that would not produce an error message. The
message BTW is, "Try '/sbin/ipchains -h' or '/sbin/ipchains --help' for
more information." If I rem out the statement and then restart
pmfirewall, the message does not appear.

> What other error messages in the logs?

Hundreds of messages a day reflecting denials from a wide variety of IP
addresses, but nothing, I think, out of the ordinary.

> One option, if windows has something like tcpdump, or else set the
> linux box as a router, not a firewall, and monitor a successful
> connection to see what ports are used.

You mean shut down my firewall -- on purpose? Oh brother, does that make
me nervous, but I guess I can do it for a couple of minutes.

Frank

> --
> Pete Nesbitt, rhce
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
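As an added example (written here, not part of the thread or of pmfirewall), a small parser for the 2.2-era ipchains `Packet log:` line format seen in the quoted /var/log/messages entry. It pulls out the chain, verdict, interface, IP protocol number, addresses, the port fields and the rule number, names the protocol from the IANA protocol-number registry (47 is GRE), and reports whether a denied packet is something a TCP/3389 rule could ever match. The first sample line is the one quoted in the thread; the second is a constructed TCP/3389 denial for contrast. The function names (`parse_packet_log`, `explain_denial`, `triage`) are my own, and the reading of the 65535 port fields as placeholders for a protocol that has no transport ports is my interpretation of the log format, not something the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IANA IP protocol numbers; anything else is reported by its raw number.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}

# ipchains "Packet log:" layout as it appears in /var/log/messages:
#   Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#   L=<len> S=<tos> I=<ipid> F=<frag> T=<ttl> (#<rule>)
PACKET_LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=0x(?P<frag>[0-9a-fA-F]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)


@dataclass
class PacketLog:
    chain: str
    verdict: str
    iface: str
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    length: int
    ttl: int
    rule: Optional[int]

    @property
    def proto_name(self) -> str:
        return PROTO_NAMES.get(self.proto, str(self.proto))

    @property
    def has_ports(self) -> bool:
        # Only TCP and UDP carry transport-layer ports. For other protocols
        # the port positions are placeholders (assumption: the thread's GRE
        # line shows 65535 in both), so a TCP/UDP port rule cannot match them.
        return self.proto in (6, 17)


def parse_packet_log(line: str) -> Optional[PacketLog]:
    """Parse one syslog line; return None if it is not an ipchains packet log."""
    m = PACKET_LOG_RE.search(line)
    if not m:
        return None
    g = m.groupdict()
    return PacketLog(
        chain=g["chain"], verdict=g["verdict"], iface=g["iface"],
        proto=int(g["proto"]), src=g["src"], sport=int(g["sport"]),
        dst=g["dst"], dport=int(g["dport"]), length=int(g["length"]),
        ttl=int(g["ttl"]), rule=int(g["rule"]) if g["rule"] else None,
    )


def explain_denial(entry: PacketLog, expected_proto: int, expected_port: int) -> str:
    """Say whether a DENY entry is something an expected_proto/expected_port rule could match."""
    want = f"{PROTO_NAMES.get(expected_proto, expected_proto)}/{expected_port}"
    if entry.verdict != "DENY":
        return f"{entry.proto_name} packet was {entry.verdict}, nothing to fix"
    if not entry.has_ports:
        return (f"{entry.proto_name} (IP protocol {entry.proto}) has no TCP/UDP ports; "
                f"a {want} rule cannot match it, so opening more TCP ports will not help; "
                f"the protocol itself must be allowed (-p {entry.proto}) if it is wanted")
    if entry.proto == expected_proto and expected_port in (entry.sport, entry.dport):
        return f"matches {want}; check rule order, it was denied by rule #{entry.rule}"
    return f"unrelated {entry.proto_name} {entry.src}:{entry.sport} -> {entry.dst}:{entry.dport}"


def triage(lines: List[str], expected_proto: int = 6, expected_port: int = 3389) -> List[Tuple[PacketLog, str]]:
    """Parse every packet-log line and attach a one-line assessment to it."""
    results = []
    for line in lines:
        entry = parse_packet_log(line)
        if entry is not None:
            results.append((entry, explain_denial(entry, expected_proto, expected_port)))
    return results


# Sample input: the first line is the one quoted in the thread; the second is
# constructed here to show what a TCP/3389 denial would look like by contrast.
SAMPLE_LOG = [
    "May 2 19:35:25 mollynet kernel: Packet log: input DENY eth0 PROTO=47 "
    "64.232.168.34:65535 66.93.153.62:65535 L=65 S=0x00 I=52375 F=0x0000 T=54 (#42)",
    "May 2 19:36:01 mollynet kernel: Packet log: input DENY eth0 PROTO=6 "
    "64.232.168.34:1044 66.93.153.62:3389 L=48 S=0x00 I=52380 F=0x4000 T=54 (#42)",
]

if __name__ == "__main__":
    for entry, assessment in triage(SAMPLE_LOG):
        print(f"{entry.proto_name:4} {entry.src} -> {entry.dst} rule #{entry.rule}: {assessment}")
```

Run against the thread's own line, the parser reports the denial as GRE (protocol 47), i.e. not a TCP packet at all, which is why no combination of TCP port openings changes the log entry; the constructed TCP line shows what a genuine port-3389 denial would look like for comparison.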