Remote Desktop/Firewall

Pete Nesbitt pete at linux1.ca
Wed Apr 28 01:35:02 UTC 2004


On April 27, 2004 06:06 pm, Frank Reichenbacher wrote:
> I have pmfirewall (www.pointman.org) running on my RH 7.0 server/LAN
> Router on a home office setup. It is a simple but effective ipchains
> firewall script.
>
> I need to use my WinXP desktop on the inside of the home firewall to
> communicate with my office WinXP, which is inside a firewalled router on
> a Win2K LAN. The home side outernet IP is 66.93.153.62, innernet IP
> 192.168.1.2. The office side outernet IP is 64.232.168.34, the innernet
> IP is 192.168.1.103.
>
> I didn't see in the script a place that closes off the RDP port 3389
> specifically, so I added the following two rules at the end of the
> script.
>
> $IPCHAINS -A input -p tcp -s 64.232.168.34 --source-port 3389 -d
> 192.168.1.2 --destination-port 3389 -j ACCEPT
>
> I've also tried combinations of ports 0:65535, 3389 and there is no
> difference. The logs show that the firewall is denying a return of bits
> from the 64.232.168.34 IP on port 65535. I am contacting the remote
> network, but it is blocked on my end from returning any packets.
>
> When I run ipchains from the prompt, I see that port 3389 is open to
> 64.232.168.34, I don't seem to see anything that appears to deny it
> afterwards.
>
> Frank

Frank,
Do you have input, forward and output chains for that port? (as I recall, 
ipchains needs all 3 to make the path thru the firewall)

Your routers/gateways must be doing NAT on the outside (presuming an internet 
connection), so it is not a destination of 192.168.1.2 that the input chain 
needs to allow, it is destination 66.93.153.62.

-- 
Pete Nesbitt, rhce
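
The addressing point in the reply above, as an added example that is not part of the original thread: a simplified Python model of first-match evaluation on the input chain only (it does not model the forward or output chains or the NAT step itself). The class and function names, the DENY default policy and the reply packet's destination port 61005 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: str       # -s
    sports: tuple  # --source-port as (low, high)
    dst: str       # -d
    dports: tuple  # --destination-port as (low, high)
    target: str    # -j

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])

def input_chain(rules, packet, policy="DENY"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.target
    return policy

OFFICE, HOME_EXT, HOME_INT = "64.232.168.34", "66.93.153.62", "192.168.1.2"
RDP, ANY_PORT = (3389, 3389), (0, 65535)

# Constructed reply from the office side as it reaches the home router's
# external interface: still addressed to the public IP, and to a port
# chosen by the NAT layer (61005 is a made-up value).
REPLY = Packet(src=OFFICE, sport=3389, dst=HOME_EXT, dport=61005)

CHAINS = {
    "as_posted":    [Rule(OFFICE, RDP, HOME_INT, RDP, "ACCEPT")],
    "wide_ports":   [Rule(OFFICE, ANY_PORT, HOME_INT, ANY_PORT, "ACCEPT")],
    "external_dst": [Rule(OFFICE, ANY_PORT, HOME_EXT, ANY_PORT, "ACCEPT")],
}

def verdicts(packet=REPLY):
    """Verdict of each candidate input chain for the same packet."""
    return {name: input_chain(rules, packet) for name, rules in CHAINS.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name:13} -> {verdict}")
```

In this model, widening the port ranges alone changes nothing, which matches the "no difference" reported in the question; only the rule whose destination is the external address matches the packet.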




