debian open TSE port, 3389 closed ?
Jan 3 2006, 01:59 AM
Post #1


I've installed Debian GNU 3.1 with Squid.
On a workstation (XP) I can't access my Windows 2003 server.
Port 3389 is closed.
If I put the router as gateway, it's good.
If I put the proxy as gateway, I can't access my Server 2003. Can you help me?
Jan 4 2006, 05:31 AM
Post #2



Since I don't understand 100% what you are trying to do, I will try to imagine it (see below):

SQUID proxy server listening on port 3389
INTERNET eth2<-->SQUID ___eth0  <----> Windows XP Client
                            |_______eth1 <----> Windows 2003 client

You must do the following on the Squid server:

vi /etc/rc.d/rc.local

Press i, then type echo "1" > /proc/sys/net/ipv4/ip_forward, then press ESC,
then type :wq and restart the computer.

Also, if SQUID is the firewall machine as well, then you must make sure that port 3389 is accessible by internal servers only.

Example:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -s -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -s -j ACCEPT
iptables -A OUTPUT -s -j ACCEPT # ip address of firewall eth0
iptables -A OUTPUT -s yyy.yyy.yyy.yyy -j ACCEPT # ip address of firewall eth1
iptables -A OUTPUT -s zzz.zzz.zzz.zzz -j ACCEPT # ip address of firewall eth2

Then you can save this file as iptables-script, do a chmod 755 iptables-script, and then run it with ./iptables-script. You could put it in your /root dir and then make an entry for it in /etc/rc.d/rc.local.


then you will use for windows xp client gateway, for windows 2003 gateway, and you will be able to ping from win2003, and from winxp.

Robert B

Robert Becskei
May the source be with us!
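A small first-match model of the FORWARD chain from post #2, added here as an example (it is not part of the thread or either poster's code), to check which flows that chain lets through before the script is loaded. It assumes the topology in the reply's diagram (XP client behind eth0, Windows 2003 behind eth1, Internet on eth2); `RDP_RULES` is a hypothetical addition, and the model ignores NAT and the INPUT/OUTPUT chains.

```python
import shlex

# FORWARD rules copied from post #2; the chain policy there is DROP.
POSTED_RULES = """
iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

# Hypothetical additions (not from the thread): RDP from the eth0 side to the
# eth1 side only, plus the reply traffic.
RDP_RULES = """
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 3389 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

def parse(text):
    """Turn 'iptables -A FORWARD ...' lines into {option: value} dicts."""
    rules = []
    for line in text.strip().splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:3] == ["iptables", "-A", "FORWARD"]:
            rules.append(dict(zip(tok[3::2], tok[4::2])))  # every option used takes one value
    return rules

def pkt(iface_in, iface_out, state="NEW", proto="tcp", dport=3389):
    """Constructed packet description: interfaces, conntrack state, protocol, port."""
    return {"-i": iface_in, "-o": iface_out, "state": state, "-p": proto, "--dport": str(dport)}

def matches(rule, p):
    """A rule matches when every option it specifies agrees with the packet."""
    for opt in ("-i", "-o", "-p", "--dport"):
        if opt in rule and rule[opt] != p[opt]:
            return False
    return "--state" not in rule or p["state"] in rule["--state"].split(",")

def verdict(rules, p, policy="DROP"):
    """First matching rule decides; otherwise the chain policy applies."""
    return next((r["-j"] for r in rules if matches(r, p)), policy)

if __name__ == "__main__":
    posted, fixed = parse(POSTED_RULES), parse(POSTED_RULES + RDP_RULES)
    for label, p in [("XP -> 2003 RDP", pkt("eth0", "eth1")),
                     ("Internet -> 2003 RDP", pkt("eth2", "eth1")),
                     ("XP -> Internet HTTP", pkt("eth0", "eth2", dport=80))]:
        print(f"{label:22} posted={verdict(posted, p)}  with RDP rules={verdict(fixed, p)}")
```

Run against a live box, the same questions can be answered from the packet counters in `iptables -L FORWARD -v -n` after a connection attempt.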
