[redhat] Re: Remote Desktop/Firewall
Frank Reichenbacher
frank at bio-con.com
Wed Apr 28 02:46:19 UTC 2004
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Pete Nesbitt
> Sent: Tuesday, April 27, 2004 6:35 PM
> To: frank at bio-con.com; General Red Hat Linux discussion list
> Subject: [redhat] Re: Remote Desktop/Firewall
>
>
> On April 27, 2004 06:06 pm, Frank Reichenbacher wrote:
> > I have pmfirewall (www.pointman.org) running on my RH 7.0 server/LAN
> > Router on a home office setup. It is a simple but effective ipchains
> > firewall script.
> >
> > I need to use my WinXP desktop on the inside of the home firewall to
> > communicate with my office WinXP, which is inside a firewalled router
> > on a Win2K LAN. The home side outernet IP is 66.93.153.62, innernet IP
> > 192.168.1.2. The office side outernet IP is 64.232.168.34, the
> > innernet IP is 192.168.1.103.
> >
> > I didn't see in the script a place that closes off the RDP port 3389
> > specifically, so I added the following two rules at the end of the
> > script.
> >
> > $IPCHAINS -A input -p tcp -s 64.232.168.34 --source-port 3389 -d
> > 192.168.1.2 --destination-port 3389 -j ACCEPT
> >
> > I've also tried combinations of ports 0:65535, 3389 and there is no
> > difference. The logs show that the firewall is denying a return of
> > bits from the 64.232.168.34 IP on port 65535. I am contacting the
> > remote network, but it is blocked on my end from returning any
> > packets.
> >
> > When I run ipchains from the prompt, I see that port 3389 is open to
> > 64.232.168.34, I don't seem to see anything that appears to deny it
> > afterwards.
> >
> > Frank
>
> Frank,
> Do you have input, forward and output chains for that port? (as I recall,
> ipchains needs all 3 to make the path thru the firewall)
>
> Your routers/gateways must be doing NAT on the outside (presuming an internet
> connection), so it is not a destination of 192.168.1.2 that the input chain
> needs to allow, it is destination 66.93.153.62
I'll check on the other stuff. If I allow 66.93.153.62, how do I then
get packets to 192.168.1.2?
Frank
>
> --
> Pete Nesbitt, rhce
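An added illustration of the point made in the quoted reply about the input chain (this is not code from the thread or from pmfirewall): a small first-match model of an input chain, run against the reply packet as it reaches the home gateway. It assumes the gateway masquerades the LAN, so the reply is addressed to the public IP and a high port; the port 61234, the 1024:65535 range and the DENY policy are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    src: str
    sports: tuple  # inclusive (low, high) source-port range
    dst: str
    dports: tuple  # inclusive (low, high) destination-port range
    target: str

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.sports[0] <= p.sport <= self.sports[1]
                and self.dports[0] <= p.dport <= self.dports[1])


def input_chain(rules, packet, policy="DENY"):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.target
    return policy


# Rule as posted: expects the private address and port 3389 on both ends.
POSTED_RULE = Rule("64.232.168.34", (3389, 3389), "192.168.1.2", (3389, 3389), "ACCEPT")
# Rule matching what the input chain sees before the address is translated back.
PUBLIC_RULE = Rule("64.232.168.34", (3389, 3389), "66.93.153.62", (1024, 65535), "ACCEPT")

# Constructed reply from the office RDP host, as it arrives on the outside interface.
REPLY = Packet(src="64.232.168.34", sport=3389, dst="66.93.153.62", dport=61234)

if __name__ == "__main__":
    print("posted rule:", input_chain([POSTED_RULE], REPLY))  # DENY
    print("public rule:", input_chain([PUBLIC_RULE], REPLY))  # ACCEPT
```

Delivery to the private address happens after this check, when the gateway reverses the masquerade for a connection it already tracks, so the input rule never needs to name 192.168.1.2.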