[redhat] Re: Remote Desktop/Firewall

Frank Reichenbacher frank at bio-con.com
Wed Apr 28 02:46:19 UTC 2004



> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Pete Nesbitt
> Sent: Tuesday, April 27, 2004 6:35 PM
> To: frank at bio-con.com; General Red Hat Linux discussion list
> Subject: [redhat] Re: Remote Desktop/Firewall
> 
> 
> On April 27, 2004 06:06 pm, Frank Reichenbacher wrote:
> > I have pmfirewall (www.pointman.org) running on my RH 7.0 server/LAN
> > Router on a home office setup. It is a simple but effective ipchains
> > firewall script.
> >
> > I need to use my WinXP desktop on the inside of the home firewall to
> > communicate with my office WinXP, which is inside a firewalled router
> > on a Win2K LAN. The home side outernet IP is 66.93.153.62, innernet IP
> > 192.168.1.2. The office side outernet IP is 64.232.168.34, the
> > innernet IP is 192.168.1.103.
> >
> > I didn't see in the script a place that closes off the RDP port 3389
> > specifically, so I added the following two rules at the end of the
> > script.
> >
> > $IPCHAINS -A input -p tcp -s 64.232.168.34 --source-port 3389 -d 
> > 192.168.1.2 --destination-port 3389 -j ACCEPT
> >
> > I've also tried combinations of ports 0:65535, 3389 and there is no 
> > difference. The logs show that the firewall is denying a return of 
> > bits from the 64.232.168.34 IP on port 65535. I am contacting the 
> > remote network, but it is blocked on my end from returning any 
> > packets.
> >
> > When I run ipchains from the prompt, I see that port 3389 is open to
> > 64.232.168.34, I don't seem to see anything that appears to deny it
> > afterwards.
> >
> > Frank
> 
> Frank,
> Do you have input, forward and output chains for that port? (as I recall,
> ipchains needs all 3 to make the path thru the firewall)
> 
> Your routers/gateways must be doing NAT on the outside (presuming an internet
> connection), so it is not a destination of 192.168.1.2 that the input chain
> needs to allow, it is destination 66.93.153.62

I'll check on the other stuff. If I allow 66.93.153.62, how do I then
get packets to 192.168.1.2?

Frank


> 
> -- 
> Pete Nesbitt, rhce
> 
> 
> 
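
Added example (not part of the original messages and not pmfirewall code): a small Python model of first-match evaluation on the input chain, showing why the posted rule, whose destination is 192.168.1.2, does not match a reply that is still addressed to 66.93.153.62 when it reaches the external interface. The addresses come from the thread; the port 61234, the DENY chain policy and the 1024:65535 destination port range are assumptions made for illustration.

```python
# Minimal model of first-match rule evaluation on an ipchains-style input chain.
# Addresses are from the thread; port 61234 and the DENY policy are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: str          # source address or CIDR
    sports: range     # allowed source ports
    dst: str          # destination address or CIDR
    dports: range     # allowed destination ports
    target: str       # ACCEPT or DENY

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.sport in self.sports
                and p.dport in self.dports)

def verdict(chain, packet, policy="DENY"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# Constructed reply from the office RDP host as seen by the input chain:
# NAT has not been reversed yet, so the destination is the public address.
REPLY = Packet("64.232.168.34", 3389, "66.93.153.62", 61234)

# The rule quoted in the thread: destination is the private LAN address.
AS_POSTED = [Rule("64.232.168.34", range(3389, 3390),
                  "192.168.1.2", range(3389, 3390), "ACCEPT")]

# Variant with the public address as destination, as the reply suggests.
# The unprivileged destination port range is an assumption of this example.
PUBLIC_DST = [Rule("64.232.168.34", range(3389, 3390),
                   "66.93.153.62", range(1024, 65536), "ACCEPT")]

if __name__ == "__main__":
    print("rule as posted    :", verdict(AS_POSTED, REPLY))
    print("public destination:", verdict(PUBLIC_DST, REPLY))
```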