Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Susefirewall2 rdp access nightmare
  • From: Polarizer <Polarizer@xxxxxxxxxx>
  • Date: Wed, 05 Oct 2005 12:35:34 +0200
  • Message-id: <20051005103451.27E4582B9@xxxxxxxxxxx>
For outgoing requests try

FW_MASQ_NETS="x.x.x.x/24,y.y.y.y/32,tcp,3389"

where you have to replace x.x.x.x with your private IP block and
y.y.y.y with the IP of the external RDP server.

For incoming requests try

FW_FORWARD_MASQ="0.0.0.0/0,x.x.x.x,tcp,3389"

where x.x.x.x is to be replaced with the IP of your internal RDP server.

CAUTION: This opens up a big security hole!!! It's a good
idea to restrict the incoming IP range to dedicated addresses.
Another good idea is to put the RDP server into a DMZ. To
access the internal server I would suggest using an SSH tunnel
or a VPN via IPsec instead of "FW_FORWARD_MASQ".

Check /var/log/firewall if it still fails.

the polarizer
http://www.codixx.de/polarizer.html
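
Added example, not part of the original post and not SuSEfirewall2's own code: a Python check for the caution in the message above, flagging FW_FORWARD_MASQ entries whose source network is unrestricted or very wide. The sample config, its documentation-range addresses, the function names and the max_hosts threshold are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample of /etc/sysconfig/SuSEfirewall2 lines (documentation-range addresses).
SAMPLE = '''
FW_MASQ_NETS="192.168.1.0/24,203.0.113.10/32,tcp,3389"
FW_FORWARD_MASQ="0.0.0.0/0,192.168.1.20,tcp,3389 198.51.100.0/28,192.168.1.21,tcp,3389"
'''

def read_var(text, name):
    """Return the space-separated entries of a NAME="..." assignment (hypothetical helper)."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(name + "="):
            tokens = shlex.split(line.split("=", 1)[1], comments=True)
            return tokens[0].split() if tokens else []
    return []

def audit_forward_masq(text, max_hosts=256):
    """Flag forwarding rules whose source network is open or wider than max_hosts addresses."""
    findings = []
    for entry in read_var(text, "FW_FORWARD_MASQ"):
        fields = entry.split(",")
        if len(fields) < 4:
            findings.append((entry, "malformed: expected source,target,protocol,port"))
            continue
        source, target, proto, port = fields[:4]
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append((entry, "unparseable source network"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, f"{proto}/{port} on {target} reachable from any address"))
        elif net.num_addresses > max_hosts:
            findings.append((entry, f"source {net} covers {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit_forward_masq(SAMPLE):
        print(f"{entry}: {reason}")
```

To audit a real host, pass the contents of its SuSEfirewall2 sysconfig file instead of SAMPLE.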
