Hello

I have a Suse linux server in a private net 10.10.10.240 and a public address I mapped to that address. I would like to make a windows machine with another private address, e.g. 10.10.10.241, and I would like to make a nat on port 3389 from 10.10.10.240 to 10.10.10.241. Will somebody give me the setup for this? I have tried but it did not work.

/tage
On 2007-05-14 10:11, Tage Danielsen wrote:
> Hello
> I have a Suse linux server in a private net 10.10.10.240 and a public address I mapped to that address. I would like to make a windows machine with another private address, e.g. 10.10.10.241, and I would like to make a nat on port 3389 from 10.10.10.240 to 10.10.10.241. Will somebody give me the setup for this? I have tried but it did not work.

You do not say anything about the topology of your network. Does 10.10.10.240 also act as the gateway/router/firewall for the internet?

--
Moral indignation is jealousy with a halo. -- HG Wells
Darryl Gregorash wrote:
> You do not say anything about the topology of your network. Does 10.10.10.240 also act as the gateway/router/firewall for the internet?

The address 10.10.10.240 is the server address, and I have a Cisco router on 10.10.10.1. The router has a public address, and it maps another public address to my server. So the server is acting as its own firewall, because the router is mapping the public address to the server and sends all traffic to this.

So what I need is to make a win2003 server with its own private ip address, and take the port service 3389 from the suse linux ver 10.0 server and route that to the win2003. I have tried several commands, but without any result.

Thanks for your help
Tage
On 2007-05-15 22:38, Tage Danielsen wrote:
<snip>
> The address 10.10.10.240 is the server address, and I have a Cisco router on 10.10.10.1. The router has a public address, and it maps another public address to my server. So the server is acting as its own firewall, because the router is mapping the public address to the server and sends all traffic to this.

Just set the router to map 0/0:3389 to the Win2003 server. It's probably far more complicated and much more difficult to map everything to the SuSE server, then have it remap this one port to the Win server. It would also require the Win server to send traffic from this port (only) back through the SuSE server, while everything else is sent directly to the router.

--
Moral indignation is jealousy with a halo. -- HG Wells
Hello Tage...

You didn't mention why you wanted to do this, but since port 3389 is the "RDP" port I assume you want RDP access to your WINDOWS 2003 machine from the internet.

You did not mention any type of security you have in place.

So assuming you want what I do all the time, namely secure remote access to machines in your network, I offer the following solution:

I use SSH for secure remote access. I use ssh tunnels to build secure (encrypted) access to my local network.

I use something like the following:

    ssh -L 3390:10.0.0.241:3389 jerry@machine.XXX.com

This connects to the ssh server on machine.XXX.com (in your case the SUSE server at 10.0.0.240), asks you for your username and password, then sets up the following secure tunnel: entrance in tcp:3390 on the local machine, i.e. each package sent to 3390 on the local machine is encrypted and forwarded to 10.10.10.240, where it is decrypted, and sent (in the open) to 10.10.10.241:3389.

This method works fine for RDP and many other applications. It does not require that you mess with the firewalls, has added value of security and is easy to set up.

Additionally, SSH also offers a file transfer protocol, so you can get secure access to the files on 10.10.10.240.

The only disadvantage is that Windows does not come with an SSH client, so that you will have to download and install one.

The de facto standard is "Putty", and the one almost everyone uses. While you are connected to the internet you should also download winscp3, which will give you access to the files on 10.10.10.240.

Well a big explanation based on a whole bunch of assumptions... If you decide to go this way, I can help give you some tips on improving the default SUSE SSH configuration for type access...

Jerry
On Wednesday May 16 2007 5:27:48 am Jerome R. Westrick wrote:
<snip>

Excellent method to use SSH in a situation such as Tage's.

> Well a big explanation based on a whole bunch of assumptions... If you decide to go this way, I can help give you some tips on improving the default SUSE SSH configuration for type access...
> Jerry

Please send your tips on improving the default openSUSE SSH config in to the list so we can have them in the archives.

Thanks,
-- Stan
Jerome R. Westrick wrote:
<snip>
Hello,

Thanks to Jerry, it sounds like a good solution, but can the windows client easily connect to the server?

You see, I have an internet connection with 8 extra IPs and each of these IPs is mapped down to a private IP, and I feel that it is not a good idea to give the windows server a public IP where all port services are open. My cisco router is routing all port services down to my servers. I have been using a Suse server for 6 years that way, and have had no problem with this, but I am afraid for the windows server; that is the reason to route just the rdp service from one of my linux servers to the windows server. I am unable to make that fix in the router; that is the whole IP or nothing.

If I can use Jerry's suggestion I would like to try this, but it has to be easy for the windows users to use rdp. Next, what do I have to do?

Regards
Tage
On Wed, 2007-05-16 at 19:35 +0200, Tage Danielsen wrote:
> You see, I have an internet connection with 8 extra IPs and each of these IPs is mapped down to a private IP, and I feel that it is not a good idea to give the windows server a public IP where all port services are open. My cisco router is routing all port services down to my servers. I have been using a Suse server for 6 years that way, and have had no problem with this, but I am afraid for the windows server; that is the reason to route just the rdp service from one of my linux servers to the windows server.

I'm not exactly sure, but without turning NAT on at your Linux and assigning a different subnet between the Linux and your Windows server, I don't think you can "map" a port access to 10.10.10.240 to your Windows server. In other words, double NATting is necessary, like:

x.x.x.x (a public IP at CISCO: 1st NAT) -> mapped to 10.10.10.240 (at Linux: 2nd NAT) -> mapped to 192.168.0.1/24.

Toshi
On Wednesday 16 May 2007 19:35, Tage Danielsen wrote:
> If I can use Jerry's suggestion I would like to try this, but it has to be easy for the windows users to use rdp.
> Next, what do I have to do?
> Regards Tage

Yes, it can be set up to be easy to use, but it does require that the user do one additional step:

Step 1) Double click Tunnels icon, enter username/password
Step 2) Double click one (or more) RDP session icons.

I would start by testing it yourself. Once you get the feel for it and have set up the configurations, icons etc., you can install putty on the other windows machines and pass it out to your clients.

Basically, all you have to do is to open the ssh port on the SUSE firewall (check that ssh is started, I think that is default in SUSE), install putty and configure a tunnel...

Hmmm, I've done documentation for this once upon a time, let me look... See if the following document helps:
http://home.intergga.ch/Westrick/Using SSH tunnels from M$ Windows.pdf
It uses VNC as example (instead of RDP as you are trying to use).

I change the SUSE SSH configuration as follows:

1- Create user group to control access
   - Create group remotesh,
   - Add users that are allowed remote access to the group.
2- In file /etc/ssh/sshd_config add the following lines:
   - AllowGroups remotesh
   - GatewayPorts yes
   - X11DisplayOffset 50
   - X11Forwarding yes
3- In file /etc/ssh/ssh_config add lines:
   - ForwardAgent yes
   - ForwardX11 yes

Additionally, I change the port of the ssh server so as to avoid the password attack currently infecting the internet.

Granting / revoking remote access on a user basis can now be controlled via YAST, by adding/removing specific users from the remotesh group!

Jerry
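Added example, not part of the thread or of any poster's own configuration: a small shell audit of an sshd_config that serves as the tunnel gateway described above, checking who may open tunnels and where `-L` forwards may go. The function names, sample file names and the use of the real sshd_config keyword `PermitOpen` (not mentioned in the thread) are assumptions of this example; 10.10.10.241:3389 is the RDP host from the thread.

```shell
# Added example: audit the global section of an sshd_config used as an SSH
# tunnel gateway. Assumes plain "Keyword value" lines; Match blocks are skipped.
# first_value FILE KEYWORD: keywords are case-insensitive and sshd keeps the
# first value it reads, so print that one (or nothing).
first_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_tunnel_gateway FILE DEST: print one finding per line and return the
# number of findings. DEST is the only host:port tunnels are meant to reach.
audit_tunnel_gateway() {
    cfg=$1; dest=$2; n=0
    if [ -z "$(first_value "$cfg" AllowGroups)" ]; then
        echo "AllowGroups unset: any account that can log in can open tunnels"
        n=$((n + 1))
    fi
    if [ "$(first_value "$cfg" PermitOpen)" != "$dest" ]; then
        echo "PermitOpen is not '$dest': -L forwards can reach other hosts/ports"
        n=$((n + 1))
    fi
    gp=$(first_value "$cfg" GatewayPorts)
    if [ "$gp" = yes ] || [ "$gp" = clientspecified ]; then
        echo "GatewayPorts $gp: -R forwards may listen on non-loopback addresses"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed samples: the sshd_config lines from the message above, and a
# variant limited to the RDP host named in the thread.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'AllowGroups remotesh' 'GatewayPorts yes' \
        'X11DisplayOffset 50' 'X11Forwarding yes' > "$dir/as_posted"
    printf '%s\n' 'allowgroups remotesh' 'PermitOpen 10.10.10.241:3389' \
        '# GatewayPorts yes' 'GatewayPorts no' > "$dir/restricted"
    echo "$dir"
}

d=$(make_samples)
for f in as_posted restricted; do
    echo "== $f"; audit_tunnel_gateway "$d/$f" 10.10.10.241:3389 || true
done
rm -rf "$d"
```

Run against a real server with `audit_tunnel_gateway /etc/ssh/sshd_config 10.10.10.241:3389`; the exit status is the number of findings.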