Susefirewall2 rdp access nightmare
Greetings,

could someone please assist me here, I need to open a port on our firewall for rdp port 3389. I have added the port number to allowed service on the external zone under advanced.
We still can't rdp remote machines on the internet.
We also have a machine internally which must be accessible from internet.
How can I do this on Susefirewall2,
I can post you my iptables-save if you need it!

TIA
--
Chadley Wilson
Production Line Superintendent
Pinnacle Micro
Manufacturers of Proline Computers
====================================
Exercise freedom, Use LINUX
=====================================
On Wednesday 05 October 2005 11:47, Chadley Wilson wrote:
> Greetings,
> could someone please assist me here, I need to open a port on our firewall for rdp port 3389. I have added the port number to allowed service on the external zone under advanced.
> We still can't rdp remote machines on the internet.
> We also have a machine internally which must be accessible from internet.
> How can I do this on Susefirewall2,
> I can post you my iptables-save if you need it!
> TIA
> --
> Chadley Wilson
Guys,
I still can't get it to work. Maybe I should put the PC on the internal interface into a DMZ zone, could anyone here help me with that, if it is a good idea?

TIA
--
Chadley Wilson
On Thu, 6 Oct 2005, Chadley Wilson wrote:
> On Wednesday 05 October 2005 11:47, Chadley Wilson wrote:
>> Greetings,
>> could someone please assist me here, I need to open a port on our firewall for rdp port 3389. I have added the port number to allowed service on the external zone under advanced.
>> We still can't rdp remote machines on the internet.
>> We also have a machine internally which must be accessible from internet.
>> How can I do this on Susefirewall2,
>> I can post you my iptables-save if you need it!
> Guys, I still can't get it to work. Maybe I should put the PC on the internal interface into a DMZ zone, could anyone here help me with that, if it is a good idea?
how is your network layout ?

internet --- fw --- internal

where are the rdp servers (from above it sounds like one is internal and some are external).

do you have NAT active ? if so you need something to forward connections to the inside server.

try from internal first :

* is protect from internal active ?
* is routing active ?

cheers
On Thursday 06 October 2005 09:46, engelbert.gruber@ssg.co.at wrote:
> how is your network layout ?
> internet --- fw --- internal
> where are the rdp servers (from above it sounds like one is internal and some are external).
> do you have NAT active ? if so you need something to forward connections to the inside server.
> try from internal first :
> * is protect from internal active ?
> * is routing active ?
> cheers
OK !

196.100.100.0/24 is internal <--> 196.100.100.208---$EXTIP <--> Internet

I have a pc
196.100.100.2 <--> 196.100.100.208 -- $EXTIP <---> Internet <--> Remote PC

I have added these rules as suggested earlier by Taras (Thanks)
I can access the remote PC over the internet, but it still can't access my internal PC.

iptables -t nat -A PREROUTING -i eth1 -p tcp -s 0/0 -d 196.31.62.99 --dport 3389 -j DNAT --to-destination 196.100.100.2:3389
iptables -t nat -A POSTROUTING -s 196.100.100.0/24 -o eth1 -j SNAT --to-source 196.31.62.99
iptables -A FORWARD -s 196.100.100.2 -d 0/0 -j ACCEPT

Seems I am missing a redirect or something?
--
Chadley Wilson
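Added example, not part of the thread: a small shell check run over the three rules quoted in the last message. It reports a DNAT target that no FORWARD ACCEPT rule names as its destination, and a DNAT rule that accepts any source address. The `audit_dnat` name, the `FIXED` rule set and the 203.0.113.0/24 source range are assumptions made for illustration, and the check matches hosts literally without evaluating CIDR containment, rule order or the rules SuSEfirewall2 generates itself.

```shell
#!/bin/sh
# The three rules exactly as posted in the message above.
RULES='iptables -t nat -A PREROUTING -i eth1 -p tcp -s 0/0 -d 196.31.62.99 --dport 3389 -j DNAT --to-destination 196.100.100.2:3389
iptables -t nat -A POSTROUTING -s 196.100.100.0/24 -o eth1 -j SNAT --to-source 196.31.62.99
iptables -A FORWARD -s 196.100.100.2 -d 0/0 -j ACCEPT'

# Constructed variant (assumption): DNAT limited to one source range, plus a
# FORWARD rule that lets the translated packets reach the internal host.
FIXED='iptables -t nat -A PREROUTING -i eth1 -p tcp -s 203.0.113.0/24 -d 196.31.62.99 --dport 3389 -j DNAT --to-destination 196.100.100.2:3389
iptables -A FORWARD -i eth1 -p tcp -s 203.0.113.0/24 -d 196.100.100.2 --dport 3389 -j ACCEPT
iptables -A FORWARD -s 196.100.100.2 -d 0/0 -j ACCEPT'

# audit_dnat: reads iptables commands (or iptables-save lines) on stdin.
# For every DNAT rule it prints
#   NO_FORWARD <ip:port>  when no FORWARD ACCEPT rule has that host as -d
#   ANY_SOURCE <ip:port>  when the DNAT rule matches every source address
audit_dnat() {
  awk '
    function opt(name,   i) {        # value that follows option "name", or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    { chain = opt("-A"); target = opt("-j") }
    chain == "FORWARD" && target == "ACCEPT" {
      d = opt("-d"); sub(/\/32$/, "", d)
      if (d != "" && d != "0/0" && d != "0.0.0.0/0") fwd[d] = 1
    }
    chain == "PREROUTING" && target == "DNAT" {
      n++; to[n] = opt("--to-destination"); src[n] = opt("-s")
    }
    END {
      for (k = 1; k <= n; k++) {
        host = to[k]; sub(/:.*/, "", host)   # strip the :port part
        if (!(host in fwd)) print "NO_FORWARD " to[k]
        if (src[k] == "" || src[k] == "0/0" || src[k] == "0.0.0.0/0")
          print "ANY_SOURCE " to[k]
      }
    }'
}

printf '%s\n' "$RULES" | audit_dnat
```

On SuSEfirewall2 this kind of forwarding is normally declared through `FW_FORWARD_MASQ` in `/etc/sysconfig/SuSEfirewall2`, because rules appended by hand are discarded when the firewall script reloads its rule set.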