From: Jack Lauman <jlauman@nwcascades.com>
To: netfilter@vger.kernel.org
Subject: Problems accessing port 3389
Date: Wed, 06 May 2009 16:10:22 -0700
Message-ID: <4A0218DE.7020006@nwcascades.com>

I have a Fedora 9 box with 2 NICs. One public (eth0) and one private
(eth1). This machine is also the private network gateway.

I have a WinXP machine on the private network with an IP of 192.168.123.39.
I can't access the machine from the public side of the network.

Below is the iptables config file. I'm not sure what's wrong with it. 
Any help would be greatly appreciated.

Thanks,

Jack


# Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
*mangle
:PREROUTING ACCEPT [53:5461]
:INPUT ACCEPT [25:2017]
:FORWARD ACCEPT [28:3444]
:OUTPUT ACCEPT [20:3542]
:POSTROUTING ACCEPT [45:6818]
COMMIT
# Completed on Wed May  6 15:48:13 2009
# Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
*filter
:INPUT DROP [2:89]
:FORWARD DROP [3:168]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.123.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed May  6 15:48:13 2009
# Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
*nat
:PREROUTING ACCEPT [9:554]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:660]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.123.39:3389
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed May  6 15:48:13 2009
