Tom, I see what you are trying to do, but the source address of your NAT EXT-LAN packet to the PC will be the address the PC sends the reply to, and that will no doubt go via your default gateway... which is down.
Though, if you had a VPN server enabled on the AstLinux box then you should be able to reach your internal PC. PPTP Server may be the easiest for a quick temporary solution, but OpenVPN Server or IPSec Mobile would be a better long term solution. Lonnie On Dec 10, 2012, at 9:57 AM, Tom Chadwin wrote: > Hi Lonnie > > OK, so that's not the explanation of why my RDP session would not connect. > Basic networking question follows: > > This Astlinux box is not the gateway for our Windows boxes. Does this mean > that, even if I set a port-forward up right on the Astlinux box (which I > think I did), there is no way to get the Windows box to send it's reply via > the Astlinux box, rather than via the normal gateway (which in this instance > was down, which is the problem I am trying to solve)? > > Thanks for all the help > > Tom > > > -----Original Message----- > From: Lonnie Abelbeck [mailto:[email protected]] > Sent: 10 December 2012 15:47 > To: AstLinux Users Mailing List > Cc: Tom Chadwin > Subject: Re: [Astlinux-users] NAT rule > > Hi Tom, > > The Firewall tab's "NAT EXT:" entry specifies which external IP the rule > applies to, by default it is 0/0 which is any external IP. You probably > only have one external IP address. > > So, something like this would work for RDP > -- > NAT EXT-LAN Protocol: TCP Src: 0/0 Port: 3389 Dst: 192.168.100.10 Port: > 3389 NAT EXT: 0/0 > > { Restart Firewall } - _x_ Confirm > -- > > For the advanced, special case where your external interface has more than > one static IP address defined via the Advanced variable EXTIP_ALIAS > (user.conf): > > EXTIP_ALIAS="1.2.3.11" > > In this case, in addition to the static external IP address defined in the > Network tab (assume 1.2.3.10), the 1.2.3.11 address will also be 'aliased' > to the same external interface. For this case when NAT'ing, you can use: > -- > NAT EXT: 1.2.3.10 > -- or -- > NAT EXT: 1.2.3.11 > -- or -- > NAT EXT: 0/0 > -- > to specify if the NAT rule should apply to only 1.2.3.10, or only 1.2.3.11 > or both 0/0. > > Lonnie > > > On Dec 10, 2012, at 8:04 AM, Tom Chadwin wrote: > >> Hello all >> >> Just lost main connection to a remote site, but the Astlinux box (also >> on the LAN) on its own line is up and reachable. I'm therefore trying >> to set up a port forward on the Astlinux box to allow me to RDP from >> here to a Windows box on the LAN. >> >> Have added a "NAT EXT>LAN" rule. This brings up another field labelled >> "NAT EXT", with the default value of 0/0. What is this? Should I enter >> something here? I cannot establish the RDP session yet, so something isn't > working. >> >> Thanks >> >> Tom > > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > > ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
