hello,
i ve installed a debian gnu 3.1 with squid.
On a workstation (xp) i can't access to my windows 2003 server.
the 3389 is closed
If i put the router as gateway it 's good
if i put the proxy as gateway i can't access to my server 2003, can you help me?
Full Version: debian open TSE port
Hi,
since I don't understand 100% what you are trying to do, I will try to imagine it (see bellow
) :
SQUID proxy server listening on port 3389
you must do the following on the squid server
press i, then type echo "1" > /proc/sys/net/ipv4/ip_forward , then press ESC
then type :wq , restart computer.
Also if SQUID is the firewall machine as well, then you must make sure, that port 3389 is accessible by internal servers only.
example :
then you can save this filew as iptables-script , do a chmod 755 iptables-script , and then run it with ./iptables-script , you could put it to your /root dir and then make a entry for it in /etc/rc.d/rc.local
./root/iptables-script
then you will use for windows xp client gateway 192.168.0.250, for windows 2003 gateway 192.168.1.250, and you will be able to ping 192.168.0.250 from win2003, and 192.168.1.250 from winxp.
Sincerely
Robert B
since I don't understand 100% what you are trying to do, I will try to imagine it (see bellow
) :SQUID proxy server listening on port 3389
CODE
INTERNET eth2<-->SQUID ___eth0 192.168.0.250 <----> Windows XP Client
|_______eth1 192.168.1.250 <----> Windows 2003 client
|_______eth1 192.168.1.250 <----> Windows 2003 client
you must do the following on the squid server
CODE
vi /etc/rc.d/rc.local
press i, then type echo "1" > /proc/sys/net/ipv4/ip_forward , then press ESC
then type :wq , restart computer.
Also if SQUID is the firewall machine as well, then you must make sure, that port 3389 is accessible by internal servers only.
example :
CODE
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s xxx.xxx.xxx.xxx -j ACCEPT # ip address of firewall eth0
iptables -A OUTPUT -s yyy.yyy.yyy.yyy -j ACCEPT # ip address of firewall eth1
iptables -A OUTPUT -s zzz.zzz.zzz.zzz -j ACCEPT # ip address of firewall eth2
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s xxx.xxx.xxx.xxx -j ACCEPT # ip address of firewall eth0
iptables -A OUTPUT -s yyy.yyy.yyy.yyy -j ACCEPT # ip address of firewall eth1
iptables -A OUTPUT -s zzz.zzz.zzz.zzz -j ACCEPT # ip address of firewall eth2
then you can save this filew as iptables-script , do a chmod 755 iptables-script , and then run it with ./iptables-script , you could put it to your /root dir and then make a entry for it in /etc/rc.d/rc.local
./root/iptables-script
then you will use for windows xp client gateway 192.168.0.250, for windows 2003 gateway 192.168.1.250, and you will be able to ping 192.168.0.250 from win2003, and 192.168.1.250 from winxp.
Sincerely
Robert B
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.