Linux Nat Firewall Problem


slugman

I have got 3 PCs behind a Linux server NAT firewall, on a 192.168.1.0/24 subnet:

PC1 = 192.168.1.10

PC2 = 192.168.1.11

PC3 = 192.168.1.12

All PCs need to send mail by SMTP direct to my ISP mail server.

I need to RDP to PC 3 only from the Internet.

I don't want any other access from outside.

And typical access inside the network between the PCs.

Can someone please help me with the commands I would use to do this? I've been looking at it for a while now and I haven't got anywhere.

Thanks in advance.
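The requirements in the post above, read strictly and written as an iptables-restore ruleset. This is an added example, not part of the original thread; the interface names (eth0 facing the Internet, eth1 facing the LAN), the mail server address 203.0.113.25 and the optional RDP source restriction are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the layout in the post.
# Assumptions (not from the thread): eth0 = Internet side, eth1 = LAN side,
# 203.0.113.25 = ISP mail server (documentation address, use the real one).
LAN_NET=192.168.1.0/24   # from the post
PC3=192.168.1.12         # from the post

# gen_ruleset WAN_IF LAN_IF MAIL_IP [RDP_SRC]
# RDP_SRC (hypothetical option) limits which source may reach the RDP forward.
gen_ruleset() {
    wan=$1 lan=$2 mail=$3 rdp_src=${4:-0.0.0.0/0}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# RDP arriving on the Internet side is rewritten to PC3 only
-A PREROUTING -i $wan -s $rdp_src -p tcp --dport 3389 -j DNAT --to-destination $PC3:3389
# LAN traffic leaves with the firewall's own Internet-side address
-A POSTROUTING -o $wan -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the LAN may reach the firewall itself (e.g. to administer it)
-A INPUT -i $lan -s $LAN_NET -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The PCs may open SMTP connections to the ISP mail server
-A FORWARD -i $lan -o $wan -s $LAN_NET -d $mail -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# The forwarded RDP connection (destination is already PC3 after DNAT)
-A FORWARD -i $wan -o $lan -s $rdp_src -d $PC3 -p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

gen_ruleset eth0 eth1 203.0.113.25
```

Traffic between the PCs stays on the LAN switch and never crosses the firewall, so it needs no rule. Check the output with `iptables-restore --test` before loading it, and enable forwarding with `sysctl -w net.ipv4.ip_forward=1`; the default-drop FORWARD policy means any other outbound service (DNS, web) needs its own rule.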

I don't really want to buy anything.

I have looked at the man pages and I can't make sense of it. Can you give me a point in the right direction with the commands to put and I will learn from that.

thanks

...slug

That link I sent you should get you started and plus you don't have to buy a router just need to read up on the article.

Is box 3 Windows and are you using the default RDP client/Terminal Services built into Windows? If so, RDP can be MITM'ed and I wouldn't recommend using it remotely. There is another thread where we were discussing how to set up RDP and port forward port 3389 for RDP, but the more I think about it, it's just bad all around to do remotely. For starters there is the MITM issue, but also because it identifies a known target, a Windows box on the inside of your network. Not that this isn't common for people to be running Windows, it's expected, but now they can see this port from the internet since you are planning to open it up on the firewall. I would suggest something like TeamViewer, since it works without having to change firewall rules and settings on the network and won't require port forwarding.

Now, I'd say still learn how to use and set up iptables, but even after doing so, find a more secure alternative than standard RDP from outside your LAN. Inside your LAN, it's fine for everyday use, but I would not suggest using it remotely unless through a VPN tunnel to the home machine.

Edited by digip

RDP by design is not very secure and that's why I use OpenVPN to remotely connect into my home PC. A lot more secure and safer that way, and no need to install third-party software like TeamViewer.

No disrespect, but OpenVPN is not a natively installed program for Windows either. Come to think of it, it's not installed in Linux by default either. Use what gets the job done though, and OpenVPN is a great solution (have had to use it for work on a client's website before) and much more secure than RDP alone. I've got TeamViewer running on BackTrack and Windows, and carry it with me on my thumb drive, so if I'm away somewhere, I can still access these two machines easily. Especially with the BackTrack machine, since it's a VM and not sitting on the same subnet as my regular LAN/host machine, I don't have to play with forwarding anything to get it working.

Hey buddy,

Who said you are being disrespectful? But you misunderstood my point. I never said OpenVPN was part of Windows itself. What I was trying to say was, since RDP alone is not secure, I use OpenVPN to make the connection secure when I want to remote into my PCs from the internet.

Furthermore OpenVPN is a separate installation and will never come bundled with Windows.

I think maybe you misunderstood my point when you wrote "no need to install a third party software like TeamViewer," as OpenVPN is third-party software you would need to install.

Also, TeamViewer doesn't have to be installed really; it can be unzipped to a thumb drive and carried with you anywhere. There is "OpenVPN Portable" as well, but I've not tried it yet.

Ohh boy, yeah, I did misunderstand you. Thanks for clearing that up for me.

Edited by Infiltrator

Can I just say, this is not my own design on security; this is what I have been asked to do. It's done now.

There is no way I would set things up like this.

I have my own remote access methods.

VNC through an SSH tunnel,

It's easy and the best way,

Thanks for your help, Infiltrator (the document helped; those man pages get a bit of a hard read)

sluggerzz.....
