Redirecting RDP (port 3389) with iptables
As it seems that all machines are on the same subnet, the Windows computer will try to answer directly to the client without passing through the NAT box (layer 2).
You should SNAT reply packets also, adding:
iptables -t nat -A POSTROUTING -s 10.10.10.7 -p tcp --sport 3389 -j SNAT --to 10.10.10.5
Author by
Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I have a Debian server with an IP 10.10.10.5 and a Windows computer with an IP 10.10.10.7. My plan is to make the Debian server forward all RDP traffic to the Windows computer with these iptables rules:
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 10.10.10.7:3389
iptables -A FORWARD -p tcp --dport 3389 -j ACCEPT
But for some reason it does not work. I have set IPv4 forwarding to "1".
When I connect directly to the Windows computer from LAN it establishes the RDP connection, but doesn't work through the server. Nmap of 10.10.10.5 returns "filtered" for 3389, but nmap of 10.10.10.7 returns "open". What could be the problem?
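The same-subnet return path described in the answer, as a toy packet model (an added example, not code from the original posts). The client address 10.10.10.50, the client port and all class and function names are constructed, and the model treats source NAT as making the Windows host see 10.10.10.5 as the peer, which is an assumption of this sketch.

```python
# Added illustration: toy model of the forwarding box's address rewriting.
# 10.10.10.5 and 10.10.10.7 are from the page; CLIENT and CLIENT_PORT are constructed.
from dataclasses import dataclass

NAT_BOX, RDP_HOST, CLIENT = "10.10.10.5", "10.10.10.7", "10.10.10.50"
RDP_PORT, CLIENT_PORT = 3389, 49152

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatBox:
    """Rewrites addresses per connection and remembers how to undo it."""
    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # reply tuple seen by the box -> reply the client expects

    def forward(self, pkt):
        # DNAT: traffic for the box's port 3389 is redirected to the RDP host.
        out_src = NAT_BOX if self.snat else pkt.src  # SNAT only when enabled
        out = Packet(out_src, pkt.sport, RDP_HOST, RDP_PORT)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = Packet(
            pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out

    def reverse(self, reply):
        # Undo both translations for a reply that actually reaches the box.
        return self.conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]

def rdp_handshake(snat):
    """Return (client_accepts_reply, source_address_the_client_sees)."""
    box = NatBox(snat)
    syn = Packet(CLIENT, CLIENT_PORT, NAT_BOX, RDP_PORT)
    at_host = box.forward(syn)
    # The RDP host answers whichever address it sees as the source.
    syn_ack = Packet(RDP_HOST, RDP_PORT, at_host.src, at_host.sport)
    if syn_ack.dst == NAT_BOX:
        syn_ack = box.reverse(syn_ack)  # reply returns via the box
    # Otherwise the reply goes straight to the client on the shared subnet.
    # The client only accepts a SYN-ACK from the address and port it dialled.
    accepted = (syn_ack.src, syn_ack.sport) == (syn.dst, syn.dport)
    return accepted, syn_ack.src

if __name__ == "__main__":
    for snat in (False, True):
        print("with SNAT" if snat else "DNAT only", rdp_handshake(snat))
```

With DNAT only, the client receives a SYN-ACK from 10.10.10.7 for a connection it opened to 10.10.10.5 and discards it; on a real network a packet capture on the client shows the same mismatch.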