-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Check that /proc/sys/net/ipv4/ip_forward is set to "1". $ cat /proc/sys/net/ipv4/ip_forward If not then: $ sudo echo 1 >/proc/sys/net/ipv4/ip_forward On Friday 14 March 2003 12:54 am, Martin Schoeman wrote: > I have a W2K server on my internal LAN xxx.xxx.xxx.xxx (private ip) > I am using iptables and need to connect from the outside to the W2K server > using MS Terminal Service. > I need to open and forward port 3389 TCP and UDP for this to work as far as > I know > > This is what I came up with so far. All services works except this > > *nat > -A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination > xxx.xxx.xxx.xxx > -A POSTROUTING -o eth0 -j SNAT --to-source yyy.yyy.yyy.yyy (server external > eth0) > -A PREROUTING -p udp -m udp --dport 3389 -j DNAT --to-destination > xxx.xxx.xxx.xxx > > *filter > -A FORWARD -p tcp -m tcp --dport 3389 -j ACCEPT > -A FORWARD -p udp -m udp --dport 3389 -j ACCEPT > -A INPUT -p tcp -m tcp -s 0/0 --dport 3389 -j ACCEPT > -A INPUT -p udp -m udp -s 0/0 --dport 3389 -j ACCEPT - -- Stephen Carville http://www.heronforge.net/~stephen/gnupgkey.txt =========================================== The difference between robbery and taxes is simple: The first is someone threatening to hurt you if you do not give them your money. The second is legal. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+c3MISEs8eqGTwqYRAkldAJ4rX4Q1Haw+t6TaiBJHQxVK36J4VQCfeAte 2QapqtEmr8662fahKl62xwc= =eP57 -----END PGP SIGNATURE----- -- Psyche-list mailing list Psyche-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/psyche-list
