Linux Help
> debian open TSE port, 3389 closed ?
milo974
post Jan 3 2006, 01:59 AM
Post #1





Hello,
I've installed Debian GNU 3.1 with Squid.
On a workstation (XP) I can't access my Windows 2003 server.
The 3389 is closed.
If I put the router as gateway, it's good.
If I put the proxy as gateway, I can't access my server 2003. Can you help me?
Robert83
post Jan 4 2006, 05:31 AM
Post #2





Hi,

Since I don't understand 100% what you are trying to do, I will try to imagine it (see below :) ):

SQUID proxy server listening on port 3389
CODE
INTERNET eth2<-->SQUID ___eth0 192.168.0.250  <----> Windows XP Client
                            |_______eth1 192.168.1.250 <----> Windows 2003 client

You must do the following on the Squid server:

CODE
vi /etc/rc.d/rc.local


Press i, then type echo "1" > /proc/sys/net/ipv4/ip_forward, then press ESC,
then type :wq and restart the computer.

Also if SQUID is the firewall machine as well, then you must make sure, that port 3389 is accessible by internal servers only.

example :
CODE
#!/bin/sh
# Default policy: drop everything that is not explicitly allowed below
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Forwarded traffic: both internal networks may go out via eth2, only replies come back
iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Traffic to the firewall itself: loopback, both internal interfaces, and replies
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Traffic leaving the firewall: loopback and the firewall's own addresses
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s xxx.xxx.xxx.xxx -j ACCEPT # ip address of firewall eth0
iptables -A OUTPUT -s yyy.yyy.yyy.yyy -j ACCEPT # ip address of firewall eth1
iptables -A OUTPUT -s zzz.zzz.zzz.zzz -j ACCEPT # ip address of firewall eth2


Then you can save this file as iptables-script, do a chmod 755 iptables-script, and then run it with ./iptables-script. You could put it in your /root dir and then make an entry for it in /etc/rc.d/rc.local:

/root/iptables-script

Then you will use gateway 192.168.0.250 for the Windows XP client and gateway 192.168.1.250 for Windows 2003, and you will be able to ping 192.168.0.250 from Win2003 and 192.168.1.250 from WinXP.

Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
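With the FORWARD policy set to DROP, the chain in the reply above forwards only between each LAN and eth2, so RDP from the XP side (eth0) to the Windows 2003 side (eth1) needs its own rule. The following is an added example, not part of the original post; the interface roles come from the reply's diagram, and the function names, the `IPT` dry-run variable and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example. Dry run by default: the commands are printed, not executed.
# Run as root with IPT=iptables to apply them after the script from the reply.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth0}"   # Windows XP client side (from the diagram)
SRV_IF="${SRV_IF:-eth1}"   # Windows 2003 side (from the diagram)
WAN_IF="${WAN_IF:-eth2}"   # Internet side (from the diagram)
RDP_PORT=3389

# New RDP connections may only start on the client LAN and go to the server LAN.
allow_rdp_internal() {
    $IPT -A FORWARD -i "$LAN_IF" -o "$SRV_IF" -p tcp --dport "$RDP_PORT" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Replies from the server: established traffic only, so this rule does
    # not let the server side open new connections into the client LAN.
    $IPT -A FORWARD -i "$SRV_IF" -o "$LAN_IF" -p tcp --sport "$RDP_PORT" \
        -m state --state ESTABLISHED -j ACCEPT
}

# Explicit, logged drop for RDP arriving from the Internet side. The DROP
# policy already covers it; the LOG rule makes attempts visible in the kernel log.
block_rdp_from_wan() {
    $IPT -A FORWARD -i "$WAN_IF" -p tcp --dport "$RDP_PORT" \
        -j LOG --log-prefix "RDP-from-WAN: "
    $IPT -A FORWARD -i "$WAN_IF" -p tcp --dport "$RDP_PORT" -j DROP
}

# Returns 0 when the kernel routes between interfaces (ip_forward is 1).
# The path is a parameter so the check can be pointed at a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

rdp_rules() {
    block_rdp_from_wan
    allow_rdp_internal
}

rdp_rules
forwarding_enabled || echo "warning: ip_forward is not 1, nothing will be routed" >&2
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, which confirms whether an RDP attempt from the XP client hits the new ACCEPT rule or still falls through to the policy.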