markyd n00b
Joined: 16 Apr 2002 Posts: 44
Posted: Wed Jun 18, 2003 11:15 am Post subject: Forwarding ports to the outside world

OK, I run 6 computers at home, one of which acts as an internet gateway for the rest of the machines. Setting this up is easy enough using iptables. I have also managed to get transparent proxying working.
However, what I want to do now is something a bit weird. The gateway is running Gentoo (of course) and is the only computer directly connected to the outside world. One of the computers on the internal LAN is running Windows XP, and what I want to do is have all requests from the outside world on port 3389 (remote desktop) addressed to the gateway forwarded to the Win XP box on the internal LAN.
Any ideas?

darktux Veteran
Joined: 16 Nov 2002 Posts: 1086 Location: Coimbra, Portugal
Posted: Wed Jun 18, 2003 12:03 pm

iptables -t nat -A PREROUTING -p tcp -d your.external.ip --dport 3389 -j DNAT --to ip.of.your.windows.box
Off the top of my head, this is the rule to use.
_________________
Lego my ego, and I'll lego your knowledge
www.tuxslare.org - My reborn website

markyd n00b
Joined: 16 Apr 2002 Posts: 44
Posted: Thu Jun 19, 2003 12:07 am

Thanks, that worked perfectly...

darktux Veteran
Joined: 16 Nov 2002 Posts: 1086 Location: Coimbra, Portugal
Posted: Thu Jun 19, 2003 12:49 am

markyd wrote: "Thanks, that worked perfectly..."
You'll now have to hop on one leg, put your hands on your waist, and scream: "DARKTUX r0x, AND HE 0WNS ME".

fatcat.00 Tux's lil' helper
Joined: 12 Aug 2002 Posts: 145
Posted: Thu Jun 19, 2003 1:13 am

Yes that may work, but realize that you have essentially placed your XP box on the outside of your firewall, at least for 3389. Since this is a remote admin tool, I STRONGLY suggest you not do this.
If you can lock down the source address that will help matters, but make darn sure you have a really hard password, AND you keep wired into Microsoft for bug fixes on that service.
IMHO you are asking for trouble, but I am sure you have already weighed the benefits vs. drawbacks.
_________________
-- Fatcat

markyd n00b
Joined: 16 Apr 2002 Posts: 44
Posted: Thu Jun 19, 2003 3:26 am Post subject: Security

Well, basically I just wrote a shell script that enables it for 30 mins then disables it. So I don't think it's that insecure. It's just as secure as having ssh open on your machine.

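The source restriction fatcat.00 suggests and the 30-minute window markyd describes, combined in one script as an added example that is not part of any post in this thread. All addresses are constructed placeholders, the function names are hypothetical, and the FORWARD rule assumes a gateway whose FORWARD policy may be DROP.

```sh
#!/bin/sh
# Added example: source-restricted, time-limited DNAT for RDP (TCP 3389).
# Assumption: FORWARD may default to DROP, so a matching ACCEPT rule is added too.
IPT=${IPT:-iptables}   # IPT="echo iptables" gives a dry run that only prints the commands
PORT=3389

# Accept one IPv4 host or a /24-or-narrower CIDR; wider ranges such as 0.0.0.0/0 are refused.
# Octet values are not range-checked here; iptables itself rejects malformed addresses.
valid_src() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/(2[4-9]|3[0-2]))?$'
}

# rdp_rules <-A|-D> <admin-src> <gateway-ext-ip> <internal-host>: print one rule per line.
rdp_rules() {
    printf '%s\n' "-t nat $1 PREROUTING -p tcp -s $2 -d $3 --dport $PORT -j DNAT --to-destination $4:$PORT"
    printf '%s\n' "$1 FORWARD -p tcp -s $2 -d $4 --dport $PORT -j ACCEPT"
}

# Run every rule through $IPT; report failure if any single command fails.
apply_rules() {
    rc=0
    while read -r rule; do
        $IPT $rule || rc=1   # unquoted on purpose: the rule line is split into arguments
    done <<EOF
$(rdp_rules "$@")
EOF
    return $rc
}

# open_rdp_window <admin-src> <gateway-ext-ip> <internal-host> <seconds>
open_rdp_window() {
    valid_src "$1" || { echo "refusing source '$1': need a host or /24-/32" >&2; return 1; }
    W_SRC=$1 W_EXT=$2 W_DST=$3
    # Best-effort rollback if only part of the rule set could be added.
    apply_rules -A "$W_SRC" "$W_EXT" "$W_DST" || { apply_rules -D "$W_SRC" "$W_EXT" "$W_DST"; return 1; }
    # Remove the rules even if the script is interrupted (Ctrl-C) or terminated mid-window.
    trap 'apply_rules -D "$W_SRC" "$W_EXT" "$W_DST"' EXIT
    trap 'exit 130' INT TERM
    sleep "$4"
    trap - EXIT INT TERM
    apply_rules -D "$W_SRC" "$W_EXT" "$W_DST"
}

# Example: 30-minute window for one admin address (constructed values):
#   open_rdp_window 203.0.113.7 198.51.100.1 192.168.0.10 1800
```

The traps cannot run after a SIGKILL or a reboot, so a gateway that restores saved rules at boot should not save them while a window is open.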
taskara Advocate
Joined: 10 Apr 2002 Posts: 3763 Location: Australia
Posted: Thu Jun 19, 2003 5:29 am Post subject: Re: Security

markyd wrote: "Well, basically I just wrote a shell script that enables it for 30 mins then disables it. So I don't think it's that insecure. It's just as secure as having ssh open on your machine."
Well, not really... because ssh is running on Linux, and this is opening your Windows PC up to the outside world, which is a whole other ball game.
_________________
Kororaa install method - have Gentoo up and running quickly and easily, fully automated with an installer!