Iptables configuration

[bkesting]

I would like to be able to access my Windows 2003 server from home via remote desktop. I have a linux box that serves as a router/firewall for my corporate network and I only want my home IP to be able to connect in this manner. Would the following iptables commands allow me to connect from home:

-A PREROUTING -t -nat -i $EXT_NIC -p tcp --dport 3389 -j DNAT --to <ip_address_local_server>

-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

-A FORWARD -i $EXT_NIC -s <home_ip_address> -p tcp --dport 3389 -j ACCEPT

 

[QatQat]

The prerouting statement should be as follows

-A PREROUTING -t -nat -i $EXT_NIC -p tcp --dport 3389 -j DNAT --to-destination <ip_address_local_server>:3389

However I woud not recommend that.

Rather keep port 3389 closed and tunnel in using ssh.

something like

ssh -L3391:local_ip_address_windoz_server:3389 linux_router_address

I have changed 3389 to 3391 just in case you are running remote desktop from windoz.
in that case your own display talks on port 3389 so you would see your own computer when connecting.

so to connect using windoz after executing the ssh connection run remotedesktop with address localhost:3391

or if you are using linux and rdesktop

rdesktop localhost:3391 -g 1024x768 -u administrator -p your _password

where -g specifies the resolution of the display you want to launch on rdesktop.

I prefer to tunnel remote desktop connections because I am not too sure the traffic on port 3389 is encrypted and normally I don't trust any microsoft protocol by default.






QatQat

If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!

 

[bkesting]

Thanks for the information!