
Re: [suse-security] Susefirewall2 rdp access nightmare



For outgoing requests try

FW_MASQ_NETS="x.x.x.x/24,y.y.y.y/32,tcp,3389"

where you have to replace x.x.x.x with your private IP block and
y.y.y.y with the IP of the external RDP server.

For incoming requests try

FW_FORWARD_MASQ="0.0.0.0/0,x.x.x.x,tcp,3389"

where x.x.x.x is to be replaced with the IP of your internal RDP server.

CAUTION: This opens up a big security hole!!! It's a good
idea to restrict the incoming IP range to dedicated addresses.
Another good idea is to put the RDP server into a DMZ. To
access the internal server I would suggest using an SSH tunnel
or a VPN via IPsec instead of "FW_FORWARD_MASQ".

Check /var/log/firewall if it still fails.

the polarizer
http://www.codixx.de/polarizer.html
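
The caution in the message above about restricting the incoming range can be checked mechanically. The following is an added example, not part of the original post: a shell function that flags FW_FORWARD_MASQ entries whose source matches every address. The function name and the sample addresses (documentation ranges and a private address) are assumptions made for illustration.

```shell
#!/bin/sh
# Audit FW_FORWARD_MASQ entries in the format used in the post:
#   <source net>,<internal ip>,<protocol>,<port>
# Several entries are separated by whitespace.
# On a live system the value can be loaded with:
#   . /etc/sysconfig/SuSEfirewall2; audit_forward_masq "$FW_FORWARD_MASQ"

# audit_forward_masq VALUE   (hypothetical helper name)
# Prints one line per entry:
#   OPEN  source is a /0 prefix, so any address can reach the forwarded port
#   OK    source is restricted to a network or host
#   BAD   one of the four required fields is missing
# Returns 0 only when every entry is OK.
audit_forward_masq() {
    rc=0
    for entry in $1; do
        # Split the comma-separated entry into its fields.
        IFS=, read -r src dst proto port _extra <<EOF
$entry
EOF
        if [ -z "$src" ] || [ -z "$dst" ] || [ -z "$proto" ] || [ -z "$port" ]; then
            echo "BAD  $entry (expected source,target,protocol,port)"
            rc=1
            continue
        fi
        case "$src" in
            */0)
                # A /0 prefix (0.0.0.0/0, 0/0) matches every source address.
                echo "OPEN $entry ($proto/$port on $dst reachable from any address)"
                rc=1
                ;;
            *)
                echo "OK   $entry ($proto/$port on $dst limited to $src)"
                ;;
        esac
    done
    return $rc
}

# Constructed sample values, not taken from the post:
# the first entry is the wide-open form, the second limits the source
# to one dedicated network (203.0.113.0/24 is a documentation range).
audit_forward_masq "0.0.0.0/0,192.168.1.10,tcp,3389 203.0.113.0/24,192.168.1.10,tcp,3389" || true
```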
