Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Susefirewall2 rdp access nightmare
  • From: Chadley Wilson <chadley@xxxxxxxxx>
  • Date: Thu, 6 Oct 2005 21:27:02 +0200
  • Message-id: <200510062127.02112.chadley@xxxxxxxxx>
On Thursday 06 October 2005 09:46, engelbert.gruber@xxxxxxxxx wrote:

> how is your network layout?
>
>
> internet --- fw --- internal
>
> where are the rdp servers (from above it sounds like one is internal and
> some are external).
>
> do you have NAT active ? if so you need something to forward connections
> to the inside server.
>
> try from internal first :
>
> * is protect from internal active ?
> * is routing active ?
>
> cheers

OK !
196.100.100.0/24 is internal <--> 196.100.100.208---$EXTIP <--> Internet
I have a pc 196.100.100.2 <--> 196.100.100.208 -- $EXTIP <---> Internet <--> Remote PC

I have added these rules as suggested earlier by Taras (Thanks).
I can access the remote PC over the internet, but it still can't access my
internal PC.

iptables -t nat -A PREROUTING -i eth1 -p tcp -s 0/0 -d 196.31.62.99 --dport 3389 -j DNAT --to-destination 196.100.100.2:3389

iptables -t nat -A POSTROUTING -s 196.100.100.0/24 -o eth1 -j SNAT --to-source 196.31.62.99

iptables -A FORWARD -s 196.100.100.2 -d 0/0 -j ACCEPT

Seems I am missing a redirect or something?


--
--
Chadley Wilson
Production Line Superintendant
Pinnacle Micro
Manufacturers of Proline Computers
====================================
Exercise freedom, Use LINUX
=====================================
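
A diagnostic for the ruleset in the message above, added here as an example and not part of the original post: it lists every DNAT target for which no FORWARD ACCEPT rule admits new inbound packets. It assumes the FORWARD chain drops by default and matches addresses exactly (no CIDR arithmetic); the function name `dnat_without_forward` is hypothetical.

```shell
#!/bin/sh
# Constructed input: the three rules from the message, one per line.
RULES='iptables -t nat -A PREROUTING -i eth1 -p tcp -s 0/0 -d 196.31.62.99 --dport 3389 -j DNAT --to-destination 196.100.100.2:3389
iptables -t nat -A POSTROUTING -s 196.100.100.0/24 -o eth1 -j SNAT --to-source 196.31.62.99
iptables -A FORWARD -s 196.100.100.2 -d 0/0 -j ACCEPT'

# Reads iptables command lines on stdin and prints each DNAT target
# (ip:port) that no FORWARD ACCEPT rule would let a new connection reach.
# Assumption: FORWARD policy is DROP, so an explicit ACCEPT is required.
dnat_without_forward() {
  awk '
    # Value that follows option "name" on the current line, or "".
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    # True when an address option is absent or matches everything.
    function any(a) { return a == "" || a == "0/0" || a == "0.0.0.0/0" }

    opt("-j") == "DNAT" { target[opt("--to-destination")] = 1; next }

    opt("-A") == "FORWARD" && opt("-j") == "ACCEPT" {
      st = opt("--state")
      if (st != "" && st !~ /NEW/) next   # reply-only rules admit no new flows
      n++; src[n] = opt("-s"); dst[n] = opt("-d"); dpt[n] = opt("--dport")
    }

    END {
      for (t in target) {
        split(t, hp, ":"); ok = 0
        for (r = 1; r <= n; r++) {
          # Destination must name the internal host, or the rule must be
          # unrestricted in both source and destination.
          dst_ok = (dst[r] == hp[1]) || (dst[r] == (hp[1] "/32")) ||
                   (any(dst[r]) && any(src[r]))
          if (dst_ok && (dpt[r] == "" || dpt[r] == hp[2])) ok = 1
        }
        if (!ok) print t
      }
    }
  ' | sort
}

printf '%s\n' "$RULES" | dnat_without_forward
```

On the rules as posted it reports `196.100.100.2:3389`: the only FORWARD rule matches packets coming from the internal PC, so the translated inbound connection has no rule that accepts it.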
