This is what I have and it works just fine:

# Set masquerading for internal network #
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE

# Port forwarding rules #
$IPTABLES -A PREROUTING -t nat -p tcp -d $CURR_IP --dport 3389 -j DNAT --to $YOUR_TS_BOX:3389

$EXTIF is the name of your external interface (eth0, etc.). Same for $INTIF.
Since I'm on a semi-dynamic network, $CURR_IP is the current IP address of my
external interface. $YOUR_TS_BOX is the IP of the box that has TS on it.

You may not need/want the MASQUERADE rule if you are not masquerading on your
internal network.

Obviously you need to allow access to the TS port on the external interface
from 0/0 if you want to get to it from anywhere, or you have to specify the
specific IPs/networks that are allowed to access 3389.

Hope this helps,
Andy.

-----Original Message-----
From: Marco Hainaut [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 9:47 AM
To: [EMAIL PROTECTED]
Subject: Re: accessing a terminal server through iptables

Hi,

Thank you for your answer.

Again about accessing the terminal server: do you have an example of the
iptables rules you use to get the connection working? I tried to make rules
with the port you said, but it seems it doesn't work!

My rules are like this:

iptables -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 3389 -j ACCEPT
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3389 -j DNAT --to 192.168.1.nn
iptables -A FORWARD -p tcp --dport 3389 -m state --state NEW,ESTABLISHED,RELATED -d 192.168.1.nn -j ACCEPT

where
$EXTIF = eth0
$EXTIP = ip of eth0
192.168.1.nn = ip of the Windows 2000 server running terminal server

What's wrong?

At 02:13 8/11/2002 -0500, you wrote:
>On Fri, 8 Nov 2002, Marco Hainaut wrote:
>
> > I need to make rules with iptables to let access from the outside (
> > specific machine (I think mac address) ) to a w2K advanced server running
> > terminal server in the local network to run a specific application.
> >
> > I don't see exactly what I must do !! I don't know which ports are used ..
> >
>
>Terminal Services uses 3389/tcp

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
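The following is an added example, not code from the thread above: a small POSIX shell script that generates the complete ruleset Andy's reply describes (DNAT in the nat PREROUTING chain, the FORWARD rules in both directions, the optional MASQUERADE), with the source restricted to an allowed network instead of 0/0 and with IP forwarding turned on. All interface names and addresses are constructed placeholders taken from the documentation ranges, and the script only prints the commands, so it can be reviewed before being piped to sh on the gateway.

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread): generate the
# iptables commands that forward Terminal Services (3389/tcp) arriving on the
# external interface to an internal Windows box, as laid out in Andy's reply.
# Every value below is a constructed placeholder; override them via the
# environment. The script prints the commands instead of running them.

EXTIF="${EXTIF:-eth0}"                        # external interface (assumption)
INTIF="${INTIF:-eth1}"                        # internal interface (assumption)
CURR_IP="${CURR_IP:-203.0.113.10}"            # current external address (constructed)
TS_BOX="${TS_BOX:-192.168.1.50}"              # Terminal Server on the LAN (constructed)
ALLOWED_SRC="${ALLOWED_SRC:-198.51.100.0/24}" # who may reach 3389 (constructed; 0/0 = anyone)
TS_PORT=3389

# gen_rdp_rules prints, one per line, the commands needed on the gateway.
# Packets that are DNATed in PREROUTING traverse FORWARD, not INPUT, so the
# accept rules live in FORWARD; the reply direction needs its own FORWARD
# rule whenever the chain's policy is DROP.
gen_rdp_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $EXTIF -p tcp -s $ALLOWED_SRC -d $CURR_IP --dport $TS_PORT -j DNAT --to-destination $TS_BOX:$TS_PORT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp -s $ALLOWED_SRC -d $TS_BOX --dport $TS_PORT -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
EOF
}

# count_rules_matching prints how many generated lines contain the given
# pattern; a quick sanity check before applying (e.g. exactly one DNAT).
count_rules_matching() {
    gen_rdp_rules | grep -c -- "$1"
}

# Usage on the gateway, after reading the output:
#   ALLOWED_SRC=198.51.100.0/24 sh ./rdp-forward.sh | sh
gen_rdp_rules
```

The NEW-state FORWARD rule carries both `-s $ALLOWED_SRC` and `-d $TS_BOX --dport 3389`, so only the forwarded RDP flow from the permitted network is opened; the ESTABLISHED,RELATED rule lets the rest of each accepted connection through without widening the hole. An INPUT rule, as in Marco's set, only affects traffic addressed to the gateway itself and does nothing for the forwarded 3389 packets. Drop the MASQUERADE line if the internal network is not being masqueraded, as Andy notes.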