Hi Ian:

I am having the same problems with DNAT and forwarding, so if you find a
solution I would like to hear about it.
I am using Red Hat 7.2, kernel 2.4.9-31, iptables 2.4.9-31, with the following
lines in my firewall script. These are the first rules, and all the remaining
rules follow them.

iptables -t nat -A PREROUTING -i EXTIF -s $ANYWHERE \
         -p tcp -d $EXTIP --dport 23 -j DNAT --to $TELNET

iptables -A FORWARD -i $EXTIF -o $INTIF -s $ANYWHERE -d $TELNET \
         -p tcp --dport 23 -j ACCEPT

iptables -m state -A FORWARD -i $INTIF -o $EXTIF -s $TELNET -d $ANYWHERE \
         -p tcp --sport 23 --state NEW,ESTABLISHED,RELATED -j ACCEPT

Everything else works great: SNAT, internal forwarding, port blocking, and
access to specific services on the firewall machine. I have tried a number of
variations from all kinds of HOWTOs and discussion threads. Try
http://www.google.com and type in "iptables dnat"; you will find a whole bunch
of links. This seems to be a really common problem. Good luck!
It might help the group if you provide a little more information for the
group, i.e. versions, ppp or eth, etc.

How about it, gurus: is there a problem with DNAT with certain kernel and
iptables combinations? Or is there some other factor that can affect DNAT?
I have tried a number of ports and internal computers that work otherwise,
with no luck.

Stu..........

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of ian highsun
Sent: April 7, 2002 7:48 PM
To: [EMAIL PROTECTED]
Subject: terminal services connection

Hi all,
I am trying to connect a terminal service client via internet and iptables
firewall. My setup is

inet-----|linux|---|hub|---|win2k server terminal services|

I have tried a nat rule of "iptables -t nat -A PREROUTING -i ippp0 -p
tcp --dport 3389 -j DNAT --to-destination win2kserver" and a forward rule
for port 3389 but my client can't connect. Can anyone offer any URLs or
advice on connecting terminal service clients through iptables? Thanks in
advance. Ian