#1

    reaching RDP behind a firewall


    Hi,

    I want to reach a box that can't be reached from the outside. It is connected to the internet and can send data, of course.
    I want WINDOWS-BOX to connect to RDP-BOX over KVM.

    This is what my setup looks like:
    s11.postimg.org/8i5yrtp0j/network_setup.png
    (sorry, can't post links yet. Please copy and paste into your browser)

    What I tried:

    RDP-BOX:
    eth0 - 192.168.29.1
    tun0 - 10.8.2.6

    # forward tcp/8888 arriving on the tunnel to the RDP listener, then masquerade and enable forwarding
    iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 8888 -j DNAT --to-destination 192.168.29.1:3389
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sysctl -w net.ipv4.ip_forward=1

    KVM-BOX:
    eth0 - some official IPv4 address
    tun0 - 10.8.2.1

    # forward tcp/8888 arriving on the public interface into the tunnel and enable forwarding
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8888 -j DNAT --to-destination 10.8.2.6:8888
    sysctl -w net.ipv4.ip_forward=1
    If I connect from the WINDOWS-BOX to the KVM-BOX IPv4 address, I can see on the KVM-BOX:
    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    1 52 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:10.8.2.6:17398

    and on the RDP-BOX:
    Chain PREROUTING (policy ACCEPT 94 packets, 12908 bytes)
    pkts bytes target prot opt in out source destination
    3 152 DNAT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.29.1:3389

    # on RDP-BOX
    sudo tcpdump -i eth0 port 3389   # this shows NO traffic; shouldn't the RDP client packets go through here?
    Last edited by Havana_Cola; 09-03-2013 at 09:45 PM.
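As an added example (not code from the thread), here is a small Python model of the two hops above. It walks a SYN through both DNAT rules and then asks where the SYN-ACK leaves RDP-BOX; the public addresses and the assumption that RDP-BOX's default route is its own eth0 uplink are constructed, and the model only covers the reply-routing failure mode, not the same-LAN (hairpin) situation mentioned later in the thread.

```python
"""Constructed two-hop DNAT model for the setup above (added example, not the poster's code).
Hosts carry interface addresses, routes (prefix -> egress iface), PREROUTING DNAT rules
keyed by inbound iface, and the ifaces that MASQUERADE; conntrack just undoes rewrites."""
import ipaddress

WINDOWS, KVM_PUB = "203.0.113.10", "198.51.100.5"   # constructed public addresses
KVM = {"addrs": {"eth0": KVM_PUB, "tun0": "10.8.2.1"},
       "routes": {"0.0.0.0/0": "eth0", "10.8.2.0/24": "tun0"},
       "dnat": {"eth0": {(KVM_PUB, 8888): ("10.8.2.6", 8888)}}, "masq": set()}
RDP = {"addrs": {"eth0": "192.168.29.1", "tun0": "10.8.2.6"},
       "routes": {"0.0.0.0/0": "eth0", "10.8.2.0/24": "tun0", "192.168.29.0/24": "eth0"},
       "dnat": {"tun0": {("10.8.2.6", 8888): ("192.168.29.1", 3389)}}, "masq": set()}

def egress(host, ip):
    """Longest-prefix match over the host's routing table."""
    cands = [ipaddress.ip_network(p) for p in host["routes"]
             if ipaddress.ip_address(ip) in ipaddress.ip_network(p)]
    return host["routes"][str(max(cands, key=lambda n: n.prefixlen))]

def forward(host, in_if, src, dst):
    """One hop of a NEW flow: PREROUTING DNAT, route, POSTROUTING MASQUERADE.
    Returns rewritten tuples, egress iface (None = local delivery) and the
    conntrack entry (original dst, original src) used to untranslate the reply."""
    new_dst = host["dnat"].get(in_if, {}).get(dst, dst)
    if new_dst[0] in host["addrs"].values():
        return src, new_dst, None, (dst, src)
    out_if = egress(host, new_dst[0])
    new_src = (host["addrs"][out_if], src[1]) if out_if in host["masq"] else src
    return new_src, new_dst, out_if, (dst, src)

def reply(host, ct):
    """ESTABLISHED reply: conntrack restores the original addresses, then the
    routing table (not the nat table) decides which interface it leaves by."""
    orig_dst, orig_src = ct
    return orig_dst, orig_src, egress(host, orig_src[0])

def trace(kvm_masquerades_tun0):
    """Trace SYN and SYN-ACK; say whether the reply comes back through the tunnel."""
    kvm = dict(KVM, masq={"tun0"} if kvm_masquerades_tun0 else set())
    src, dst, out_if, ct_kvm = forward(kvm, "eth0", (WINDOWS, 50000), (KVM_PUB, 8888))
    _, _, _, ct_rdp = forward(RDP, out_if, src, dst)        # lands on local :3389
    r_src, r_dst, r_if = reply(RDP, ct_rdp)
    if r_if != "tun0":   # default route wins: SYN-ACK leaves RDP-BOX's own uplink
        return {"symmetric": False, "reply_leaves_via": r_if, "reply_src": r_src[0]}
    r_src, r_dst, _ = reply(kvm, ct_kvm)                    # un-DNAT back to the client
    return {"symmetric": True, "reply_leaves_via": r_if, "reply_src": r_src[0],
            "reaches": r_dst[0]}
```

Running `trace(False)` shows the reply leaving RDP-BOX via eth0 with a 10.8.2.6 source, while `trace(True)` (a MASQUERADE on KVM-BOX's tun0 side, so RDP-BOX sees 10.8.2.1 as the client) sends it back through the tunnel to the Windows client.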

#2
    I would try baby steps to find the real issue. Can you ssh into the RDP box? The KVM box? Right now you are not getting packets through to the KVM box. Is there a firewall besides these two iptables somewhere? Most corporate firewalls won't allow RDP, or most protocols other than what is needed by the company, to get through. You just can't allow anyone who wants to have the ability to control internal systems from the outside without good reason. That would be a question for your security person. I've been at places where you had to connect to a proxy first, then to the boxes you want to hit, to control internal systems. Usually, only an IT person or an upper management type would be granted the rights to do all of this.

#3
    I have to close this for now; somebody on #networking@freenode told me that it may be problematic because my target and my testing system are in the same LAN.
    For now an OpenVPN connection seems to work. I will come back to this in a few days to figure it out.
