netfilter.vger.kernel.org archive mirror
* Problems accessing port 3389
@ 2009-05-06 23:10 Jack Lauman
  2009-05-07 10:07 ` Daniel Huhardeaux
  0 siblings, 1 reply; 2+ messages in thread
From: Jack Lauman @ 2009-05-06 23:10 UTC (permalink / raw)
  To: netfilter

I have a Fedora 9 box with 2 NICs. One public (eth0) and one private 
(eth1). This machine is also the private network gateway.

I have a WinXP machine on the private network with an IP of 192.168.123.39. 
I can't access the machine from the public side of the network.

Below is the iptables config file. I'm not sure what's wrong with it. 
Any help would be greatly appreciated.

Thanks,

Jack


# Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
*mangle
:PREROUTING ACCEPT [53:5461]
:INPUT ACCEPT [25:2017]
:FORWARD ACCEPT [28:3444]
:OUTPUT ACCEPT [20:3542]
:POSTROUTING ACCEPT [45:6818]
COMMIT
# Completed on Wed May  6 15:48:13 2009
# Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
*filter
:INPUT DROP [2:89]
:FORWARD DROP [3:168]
:OUTPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
-A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
-A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.123.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed May  6 15:48:13 2009
# Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
*nat
:PREROUTING ACCEPT [9:554]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:660]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.123.39:3389
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed May  6 15:48:13 2009


* Re: Problems accessing port 3389
  2009-05-06 23:10 Problems accessing port 3389 Jack Lauman
@ 2009-05-07 10:07 ` Daniel Huhardeaux
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Huhardeaux @ 2009-05-07 10:07 UTC (permalink / raw)
  To: netfilter

Hello

Jack Lauman wrote:
> [...]
> *mangle
> :PREROUTING ACCEPT [53:5461]
> :INPUT ACCEPT [25:2017]
> :FORWARD ACCEPT [28:3444]
> :OUTPUT ACCEPT [20:3542]
> :POSTROUTING ACCEPT [45:6818]
> COMMIT
> # Completed on Wed May  6 15:48:13 2009
> # Generated by iptables-save v1.4.1.1 on Wed May  6 15:48:13 2009
> *filter
> :INPUT DROP [2:89]
> :FORWARD DROP [3:168]
> :OUTPUT DROP [0:0]
> :RH-Firewall-1-INPUT - [0:0]
[...]
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
Remove this line and it should be OK. Traffic does not have to come into eth0, but 
only prerouting+forward.

[...]

-- 
Daniel Huhardeaux       _____ ____ ____ _____ _____ _
enum   +33 368 460 088 (_  __) _  ) _  (_  __) _  _(_)  +48 222 472 472
iaxtel  1-700-849-6983  / / / // / // / / / / /_/ / /  GIZMO,SKYPE,GTALK
sip/iax:callto 101@sip./_/ ( ___( ___/ /_/ (_/ (_/_/.net   tootaiNET
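The path Daniel describes can be checked against the posted ruleset with a small model: a DNAT'd packet is rewritten in nat PREROUTING, hits the routing decision, and is then filtered in FORWARD, so the INPUT rule for 3389 is never consulted. This is an added example, not code from the thread; the public address 203.0.113.10, the routing table and the ip_forward flag are assumptions, and the ip_forward check models a prerequisite the thread does not mention.

```python
import ipaddress
# Constructed excerpt of the ruleset posted in the thread: only the rules on the inbound RDP path.
RULESET = """
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.123.39:3389
*filter
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.123.0/24 -p tcp -m tcp --dport 3389 -j ACCEPT
"""
OPTS = {"-i": "in", "-o": "out", "-p": "proto", "-d": "dst", "--dport": "dport",
        "--state": "state", "-j": "target", "--to-destination": "to"}

def parse(text):
    """Build {table: {chain: [rule dicts]}} from iptables-save lines; unknown options are ignored."""
    tables, table = {}, None
    for tok in (line.split() for line in text.splitlines()):
        if tok and tok[0].startswith("*"):
            table = tables.setdefault(tok[0][1:], {})
        elif tok and tok[0] == "-A":
            rule = {OPTS[t]: tok[i + 1] for i, t in enumerate(tok) if t in OPTS}
            table.setdefault(tok[1], []).append(rule)
    return tables

def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def matches(rule, pkt):
    """Evaluate the match options this model understands; --state uses the packet's conntrack state."""
    return (all(rule[k] == pkt[k] for k in ("in", "out", "proto") if k in rule)
            and ("dst" not in rule or in_net(pkt["dst"], rule["dst"]))
            and ("dport" not in rule or int(rule["dport"]) == pkt["dport"])
            and ("state" not in rule or pkt["state"] in rule["state"].split(",")))

def verdict(chain, pkt, policy="DROP"):
    return next((r["target"] for r in chain if matches(r, pkt)), policy)

def trace(tables, pkt, local_ips, routes, ip_forward=True):
    """Follow one new inbound packet: nat PREROUTING, routing decision, then INPUT or FORWARD."""
    pkt = dict(pkt, out=None)
    for r in tables.get("nat", {}).get("PREROUTING", []):
        if r.get("target") == "DNAT" and matches(r, pkt):  # DNAT rewrites dst before routing
            pkt["dst"], port = r["to"].split(":")
            pkt["dport"] = int(port)
            break
    if pkt["dst"] in local_ips:                            # addressed to the gateway itself
        return "INPUT", verdict(tables["filter"].get("INPUT", []), pkt), pkt["dst"]
    if not ip_forward:                                     # kernel never consults FORWARD
        return "FORWARD", "DROP (net.ipv4.ip_forward=0)", pkt["dst"]
    pkt["out"] = next(ifc for net, ifc in routes.items() if in_net(pkt["dst"], net))
    return "FORWARD", verdict(tables["filter"].get("FORWARD", []), pkt), pkt["dst"]
```

Running trace() with and without the INPUT rule gives the same FORWARD/ACCEPT result, while disabling ip_forward drops the packet before any FORWARD rule is seen; on the real box, `sysctl net.ipv4.ip_forward` and `iptables -t filter -L FORWARD -v` show the same two facts.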


