
Re: [suse-security] Susefirewall2 rdp access nightmare



On Thursday 06 October 2005 09:46, engelbert.gruber@xxxxxxxxx wrote:

> how is your network layout ?
>
>
>   internet --- fw --- internal
>
> where are the rdp servers (from above it sounds like one is internal and
> some are external).
>
> do you have NAT active ? if so you need something to forward connections
> to the inside server.
>
> try from internal first :
>
> * is protect from internal active ?
> * is routing active ?
>
> cheers

OK ! 
196.100.100.0/24 is internal <--> 196.100.100.208---$EXTIP <--> Internet
I have a pc 196.100.100.2 <--> 196.100.100.208 -- $EXTIP <---> Internet <--> 
Remote PC

I have added these rules as suggested earlier by Taras (Thanks)
I can access the remote PC over the internet, but it still can't access my 
internal PC..

iptables -t nat -A PREROUTING -i eth1 -p tcp -s 0/0 -d 196.31.62.99 --dport 3389 -j DNAT --to-destination 196.100.100.2:3389

iptables -t nat -A POSTROUTING -s 196.100.100.0/24 -o eth1 -j SNAT --to-source 196.31.62.99

iptables -A FORWARD -s 196.100.100.2 -d 0/0 -j ACCEPT

Seems I am missing a redirect or something?


-- 
--
Chadley Wilson
Production Line Superintendant
Pinnacle Micro
Manufacturers of Proline Computers
====================================
Exercise freedom, Use LINUX
=====================================
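
Added example, not part of the original message or of SuSEfirewall2: after DNAT an inbound RDP packet traverses the FORWARD chain with destination 196.100.100.2, and the rules above only accept traffic sourced from that host. The script prints a rule set covering both directions; the internal interface name (eth0) and the remote peer address (203.0.113.10, a constructed placeholder) are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the RDP forward.
# Values taken from the post:
EXT_IF=eth1
EXT_IP=196.31.62.99
INT_NET=196.100.100.0/24
RDP_HOST=196.100.100.2
# Assumptions, not in the post:
INT_IF=${INT_IF:-eth0}            # assumed internal interface name
REMOTE=${REMOTE:-203.0.113.10}    # constructed placeholder for the remote PC

rdp_forward_rules() {
    # 1. DNAT as in the post, but limited to the known remote peer instead
    #    of 0/0 so RDP is not exposed to the whole Internet.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -s $REMOTE -d $EXT_IP --dport 3389 -j DNAT --to-destination $RDP_HOST:3389"
    # 2. The direction the post has no rule for: after DNAT the packet is
    #    routed through FORWARD with dst=$RDP_HOST and must be accepted there.
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -s $REMOTE -d $RDP_HOST --dport 3389 -m state --state NEW -j ACCEPT"
    # 3. Replies and follow-up packets of connections already accepted.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 4. Outbound traffic from the internal PC (rule from the post).
    echo "iptables -A FORWARD -s $RDP_HOST -d 0/0 -j ACCEPT"
    # 5. Source NAT for the internal network (rule from the post).
    echo "iptables -t nat -A POSTROUTING -s $INT_NET -o $EXT_IF -j SNAT --to-source $EXT_IP"
}

# Dry run: review the output, then pipe it to "sh" as root to apply.
# Kernel forwarding must also be on: cat /proc/sys/net/ipv4/ip_forward -> 1
rdp_forward_rules
```

SuSEfirewall2 rebuilds the iptables rule set when it restarts, so rules added by hand like these do not persist across a firewall restart.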
