What iptables rules do I need to forward a Windows Remote Desktop connection?
Solution 1
So just giving you this rule probably won't be enough. Here's why: I'm not sure if (a) it'll work right (haven't tested it) and (b) if it does work it'll do more than work - it'll probably forward RDP packets to ANY machines in your network. The dilemma is, how to get the right IP address for the -d nnn.nnn.nnn.nnn/nnn argument. So... buyer beware; if 0/0 works it'll probably work to ALL machines behind your router.
Anyways, here you go:
iptables -A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 3389 -j ACCEPT
Here's some good reading on iptables: http://oceanpark.com/notes/firewall_example.html
Regards,
-pbr
Solution 2
You need to create a destination NAT (DNAT) rule to map the RDP port (3389) on your internet connection's IP address to your internal system's IP address. Something like this:
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 3389 -j DNAT --to 192.168.0.1:3389
Replace $EXTIF with your external ethernet adapter (eth0, eth1, ...). You can read this for more information (or if I got something wrong in this example, I didn't test it).
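An added example, not part of either answer: it combines the DNAT rule from Solution 2 with a FORWARD rule that, unlike the 0/0 rule in Solution 1, matches only the one internal host. The interface name eth0, the optional SRC parameter and the function names are assumptions made for illustration; 192.168.0.1 is the Windows PC from the question.

```sh
#!/bin/sh
# Added example, not from the answers. Set IPT="echo iptables" to print the
# rules instead of applying them (applying needs root and
# net.ipv4.ip_forward=1 on the gateway).
IPT="${IPT:-iptables}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rdp EXTIF LAN_HOST [SRC]
# SRC (hypothetical extra parameter) limits which remote addresses may
# connect; it defaults to 0/0 as in Solution 1.
forward_rdp() {
    extif=$1 host=$2 src=${3:-0/0}
    case "$extif" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface: $extif" >&2; return 2 ;;
    esac
    is_ipv4 "$host" || { echo "bad LAN host: $host" >&2; return 2; }

    # Solution 2: rewrite the destination of RDP arriving from outside.
    $IPT -t nat -A PREROUTING -i "$extif" -s "$src" -p tcp --dport 3389 \
        -j DNAT --to-destination "$host:3389" || return 1

    # Solution 1, narrowed: FORWARD sees the packet after DNAT, so match
    # the one internal host rather than -d 0/0.
    $IPT -A FORWARD -i "$extif" -s "$src" -d "$host" -p tcp --dport 3389 \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT || return 1

    # Replies from that host back out through the external interface.
    $IPT -A FORWARD -o "$extif" -s "$host" -p tcp --sport 3389 \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dry run: IPT="echo iptables" forward_rdp eth0 192.168.0.1
```

The FORWARD rules only matter when the FORWARD chain's default policy is not ACCEPT; passing a third argument such as a single remote address narrows who can reach port 3389 at all.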
apelliciari
Updated on September 17, 2022
Comments
-
apelliciari over 1 year
I have this situation:
network mask: 255.255.255.0
router/gateway: Ubuntu server (only command line, no GUI) with internal LAN IP 192.168.0.2 and a dynamic DNS on the external IP
Windows PC on 192.168.0.1 with RDP (remote desktop connection) enabled on 3389
I want to forward the RDP service on the external address: how can I do that?
What are the iptables rules I need to connect to my Windows PC from the outside world?
-
apelliciari over 14 years
3389, as I wrote before. Yes, I need only 3389 udp, but I don't know how to "construct" iptables rules for that forwarding.. I need a hint, googled it but I haven't found a clear explanation :(
-
apelliciari over 14 years
I need that iptables rule! I don't know the right syntax to forward 3389 tcp and udp to that computer from the server
-
pbr over 14 years
Also you might have to repeat the line with "-p udp" instead of "-p tcp"
-
mike over 14 years
Using yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html you can go over your basics and start your model for your system. Not using a standard router and trying to use a Linux server is great, but I need to know your setup before I can give you the syntax, but this website should clear up setting your iptables and ipchains for port forwarding.