slugman Posted February 21, 2011

I have got 3 PCs behind a Linux server NAT firewall, on a 192.168.1.0/24 subnet:

PC1 = 192.168.1.10
PC2 = 192.168.1.11
PC3 = 192.168.1.12

All PCs need to send mail by SMTP direct to my ISP mail server. I need to RDP to PC 3 only from the Internet. I don't want any other access from outside. And typical access inside the network between the PCs.

Can someone please help me with the commands I would use to do this? I've been looking at it for a while now and I haven't got anywhere. Thanks in advance.

Mr-Protocol Posted February 21, 2011

Read the iptables manual.

man iptables

Or just go buy a Linksys E3000 and use that...

Infiltrator Posted February 21, 2011

This article should help you out: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

slugman Posted February 21, 2011

I don't really want to buy anything. I have looked at the man pages and I can't make sense of them. Can you give me a point in the right direction with the commands to put and I will learn from that? Thanks ...slug

Infiltrator Posted February 21, 2011

> I don't really want to buy anything. I have looked at the man pages and I can't make sense of them. Can you give me a point in the right direction with the commands to put and I will learn from that? Thanks ...slug

That link I sent you should get you started, plus you don't have to buy a router, you just need to read up on the article.

slugman Posted February 21, 2011

Cheers, I'm looking at this now. Looks a lot easier to read than man pages. Thanks a lot.

digip Posted February 21, 2011 (edited)

Is box 3 Windows and are you using the default RDP client/Terminal Services built into Windows? If so, RDP can be MITM'ed and I wouldn't recommend using it remotely. There is another thread where we were discussing how to set up RDP and port forward port 3389 for RDP, but the more I think about it, it's just bad all around to do remotely. For starters there is the MITM issue, but also because it identifies a known target, a Windows box on the inside of your network. Not that this isn't common for people to be running Windows, it's expected, but now they can see this port from the Internet since you are planning to open it up on the firewall.

I would suggest something like TeamViewer, since it works without having to change firewall rules and settings on the network and won't require port forwarding.

Now, I'd say still learn how to use and set up iptables, but even after doing so, find a more secure alternative than standard RDP from outside your LAN. Inside your LAN, it's fine for everyday use, but I would not suggest using it remotely unless through a VPN tunnel to the home machine.

Edited February 21, 2011 by digip

Infiltrator Posted February 21, 2011

> Is box 3 Windows and are you using the default RDP client/Terminal Services built into Windows? If so, RDP can be MITM'ed and I wouldn't recommend using it remotely. There is another thread where we were discussing how to set up RDP and port forward port 3389 for RDP, but the more I think about it, it's just bad all around to do remotely. For starters there is the MITM issue, but also because it identifies a known target, a Windows box on the inside of your network. Not that this isn't common for people to be running Windows, it's expected, but now they can see this port from the Internet since you are planning to open it up on the firewall.
>
> I would suggest something like TeamViewer, since it works without having to change firewall rules and settings on the network and won't require port forwarding.
>
> Now, I'd say still learn how to use and set up iptables, but even after doing so, find a more secure alternative than standard RDP from outside your LAN. Inside your LAN, it's fine for everyday use, but I would not suggest using it remotely unless through a VPN tunnel to the home machine.

RDP by design is not very secure and that's why I use OpenVPN to remotely connect into my home PC. A lot more secure and safer that way, and no need to install a third party software like TeamViewer.

digip Posted February 21, 2011

> RDP by design is not very secure and that's why I use OpenVPN to remotely connect into my home PC. A lot more secure and safer that way, and no need to install a third party software like TeamViewer.

No disrespect, but OpenVPN is not a natively installed program for Windows either. Come to think of it, it's not installed in Linux by default either. Use what gets the job done though, and OpenVPN is a great solution (have had to use it for work on a client's website before) and much more secure than RDP alone.

I've got TeamViewer running on BackTrack and Windows, and carry it with me on my thumb drive, so if I'm away somewhere, I can still access these two machines easily. Especially with the BackTrack machine, since it's a VM and not sitting on the same subnet as my regular LAN/host machine, I don't have to play with forwarding anything to get it working.

Infiltrator Posted February 22, 2011

> No disrespect, but OpenVPN is not a natively installed program for Windows either. Come to think of it, it's not installed in Linux by default either. Use what gets the job done though, and OpenVPN is a great solution (have had to use it for work on a client's website before) and much more secure than RDP alone.
>
> I've got TeamViewer running on BackTrack and Windows, and carry it with me on my thumb drive, so if I'm away somewhere, I can still access these two machines easily. Especially with the BackTrack machine, since it's a VM and not sitting on the same subnet as my regular LAN/host machine, I don't have to play with forwarding anything to get it working.

Hey buddy, who said you are being disrespectful? But you misunderstood my point. I never said OpenVPN was part of Windows itself. What I was trying to say was, since RDP alone is not secure, I use OpenVPN to make the connection secure when I want to remote into my PCs from the Internet. Furthermore, OpenVPN is a separate installation and will never come bundled with Windows.

digip Posted February 22, 2011

> Hey buddy, who said you are being disrespectful? But you misunderstood my point. I never said OpenVPN was part of Windows itself. What I was trying to say was, since RDP alone is not secure, I use OpenVPN to make the connection secure when I want to remote into my PCs from the Internet. Furthermore, OpenVPN is a separate installation and will never come bundled with Windows.

I think maybe you misunderstood my point when you wrote "no need to install a third party software like TeamViewer," as OpenVPN is 3rd party software you would need to install. Also, TeamViewer doesn't have to be installed really, it can be unzipped to a thumb drive and carried with you anywhere. There is "OpenVPN Portable" as well, but I've not tried it yet.

Infiltrator Posted February 22, 2011 (edited)

> I think maybe you misunderstood my point when you wrote "no need to install a third party software like TeamViewer," as OpenVPN is 3rd party software you would need to install. Also, TeamViewer doesn't have to be installed really, it can be unzipped to a thumb drive and carried with you anywhere. There is "OpenVPN Portable" as well, but I've not tried it yet.

Ohh boy, yeah I did misunderstand you. Thanks for clearing that up for me.

Edited February 22, 2011 by Infiltrator

slugman Posted February 22, 2011

Can I just say, this is not my own design on security, this is what I have been asked to do. It's done now. There is no way I would set things up like this. I have my own remote access methods: VNC through an SSH tunnel. It's easy and the best way. Thanks for your help Infiltrator (the document helped, those man pages get a bit of a hard read).

sluggerzz.....
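
Added example, not part of the original thread: the setup asked about in the first post (SMTP out to the ISP mail server only, RDP in to PC3 only, everything else from outside dropped), written as a script that prints an iptables-restore ruleset. The interface names eth0 (Internet) and eth1 (LAN), the mail server address 203.0.113.25 and the optional RDP_SRC source restriction are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the first post's setup.
# Assumed, not from the thread: eth0 = Internet side, eth1 = LAN side,
# 203.0.113.25 = placeholder for the ISP mail server address.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=192.168.1.0/24
RDP_HOST=192.168.1.12             # PC3, the only host reachable from outside
ISP_SMTP=${ISP_SMTP:-203.0.113.25}
RDP_SRC=${RDP_SRC:-0.0.0.0/0}     # narrow to a known remote address if possible

gen_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound RDP arriving on the Internet side is redirected to PC3 only
-A PREROUTING -i ${WAN_IF} -s ${RDP_SRC} -p tcp --dport 3389 -j DNAT --to-destination ${RDP_HOST}:3389
# LAN traffic leaving through the Internet side is source-NATed
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the firewall and through it
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The LAN may reach the firewall itself (administration)
-A INPUT -i ${LAN_IF} -s ${LAN_NET} -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Outbound: SMTP from any LAN PC to the ISP mail server, nothing else
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -d ${ISP_SMTP} -p tcp --dport 25 -j ACCEPT
# Inbound: new RDP connections to PC3, nothing else
-A FORWARD -i ${WAN_IF} -o ${LAN_IF} -s ${RDP_SRC} -d ${RDP_HOST} -p tcp --dport 3389 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

gen_rules
```

Pipe the output to iptables-restore as root (iptables-restore --test parses it without committing); forwarding also needs net.ipv4.ip_forward=1. Traffic between the PCs stays on the LAN and never reaches these chains, so it needs no rule.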