Hi

I have my Shorewall firewall all up and working. I would like to know if it is possible to have 2 or more MS RDC sessions put into the rules and how to go about doing this.

I would like to connect to say 3 or 4 machines running RDC how would I configure the rules so that I can do this. I currently need this as I need to access 3 of my servers from outside my network. I know you can do it with VNC but I'm not very fond of VNC.

Many Thanks

John

-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

John Rufino wrote:
> Hi
>
> I have my Shorewall firewall all up and working. I would like to know if
> it is possible to have 2 or more MS RDC sessions put into the rules and
> how to go about doing this.
>
> I would like to connect to say 3 or 4 machines running RDC how would I
> configure the rules so that I can do this. I currently need this as I
> need to access 3 of my servers from outside my network. I know you can
> do it with VNC but I'm not very fond of VNC.
>
> Many Thanks
>
> John

Hi John

Same rules as VNC, but with different ports. The RDC port you require is TCP 3389.

Regards
Ray

> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Ray Booysen wrote on 25/10/2005 12:52:36:

> John Rufino wrote:
> > Hi
> >
> > I would like to connect to say 3 or 4 machines running RDC how would I
> > configure the rules so that I can do this. I currently need this as I
> > need to access 3 of my servers from outside my network. I know you can
> > do it with VNC but I'm not very fond of VNC.
>
> Hi John
>
> Same rules as VNC, but with different ports. The RDC port you require
> is TCP 3389.

Be aware that this is a very insecure form of remote access. I would recommend a vpn login (ipsec, pptp, openvpn or whatever) before connecting via RDC. Leaving a very well known port like 3389 open on your firewall is very dangerous...

cheers
--
Eduardo Ferreira

On Tuesday 25 October 2005 07:52, Ray Booysen wrote:
>
> Same rules as VNC, but with different ports. The RDC port you require
> is TCP 3389.
>

Another solution would be to use a VPN with gateway on the firewall or on a system behind the firewall. You could then use RDC through the VPN.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> On Tuesday 25 October 2005 07:52, Ray Booysen wrote:
>
>> Same rules as VNC, but with different ports. The RDC port you require
>> is TCP 3389.
>>
>
> Another solution would be to use a VPN with gateway on the firewall or on a
> system behind the firewall. You could then use RDC through the VPN.
>
> -Tom

That's the solution I use. VPN in and then RDC is available without worrying about open ports.

On Tuesday 25 October 2005 08:39, Ray Booysen wrote:
>
> That's the solution I use. VPN in and then RDC is available without
> worrying about open ports.

As Eduardo points out, it's a much more secure solution (and it requires fewer firewall rules).

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Eduardo Ferreira wrote:
> ...
>>Same rules as VNC, but with different ports. The RDC port you require
>>is TCP 3389.
>>
> Be aware that this is a very insecure form of remote access. I would
> recommend a vpn login (ipsec, pptp, openvpn or whatever) before connecting
> via RDC. Leaving a very well known port like 3389 open on your firewall
> is very dangerous...

How so? I thought all RDP traffic was encrypted under version 5 of the protocol?

Paul

Paul Gear wrote on 27/10/2005 03:15:46:

> Eduardo Ferreira wrote:
> > ...
> >>Same rules as VNC, but with different ports. The RDC port you require
> >>is TCP 3389.
> >>
> > Be aware that this is a very insecure form of remote access. I would
> > recommend a vpn login (ipsec, pptp, openvpn or whatever) before connecting
> > via RDC. Leaving a very well known port like 3389 open on your firewall
> > is very dangerous...
>
> How so? I thought all RDP traffic was encrypted under version 5 of the
> protocol?
>
> Paul

Yes, but how about opening a port directly from the net to one of your servers? IMHO, this is a no-no.

Eduardo

Eduardo Ferreira wrote:
> ...
>>>Be aware that this is a very insecure form of remote access. I would
>>>recommend a vpn login (ipsec, pptp, openvpn or whatever) before connecting
>>>via RDC. Leaving a very well known port like 3389 open on your firewall
>>>is very dangerous...
>>How so? I thought all RDP traffic was encrypted under version 5 of the
>>protocol?
>>
>>Paul
> Yes, but how about opening a port directly from the net to one of your
> servers? IMHO, this is a no-no.

You've got to open the port to *something*... :-)

Paul

Tom Eastep wrote on 27/10/2005 11:18:34:

> Eduardo Ferreira wrote:
> > ...
> >>
> >>Paul
> > Yes, but how about opening a port directly from the net to one of your
> > servers? IMHO, this is a no-no.
>
> You've got to open the port to *something*... :-)
>
> Paul

Of course you must open a door. What I don't like in this solution is that you open a well-known door directly to a Windows box prompting you to login. I'm not a Windows-basher but I don't trust MS security so much ;-)

I think there are better solutions out there that are not so fragile from a security point of view. For instance, you could first connect to a vpn server on which you authenticate via key exchange and/or login. From there, you would connect to your Windows box.

cheers
--
Eduardo Ferreira

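Added example, not part of any post in this thread and not Shorewall project code: a constructed rules file showing the per-server port forwards to TCP 3389 that the first answer describes next to the VPN-only rule recommended later, with a small check that lists which rules leave RDP reachable from the whole internet zone. The zone names (net, loc, vpn), the addresses, the external ports 3390 to 3392 and the host-restricted variant are assumptions.

```python
# Constructed Shorewall rules file: zone names, addresses and external ports
# are assumptions for illustration, not values from the thread.
SAMPLE_RULES = """\
#ACTION  SOURCE            DEST                   PROTO  DEST PORT(S)
# One external port per server, each forwarded to TCP 3389 inside:
DNAT     net               loc:192.168.1.11:3389  tcp    3389
DNAT     net               loc:192.168.1.12:3389  tcp    3390
DNAT     net               loc:192.168.1.13:3389  tcp    3391
# The same kind of forward, limited to one known client address:
DNAT     net:203.0.113.10  loc:192.168.1.11:3389  tcp    3392
# VPN approach from the thread: RDP accepted only from an assumed vpn zone:
ACCEPT   vpn               loc:192.168.1.11       tcp    3389
"""
RDP_PORT = 3389


def ports(spec):
    """Expand a Shorewall port list such as '3389,3390:3392' into a set."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if lo.isdigit():
            out.update(range(int(lo), int(hi if hi.isdigit() else lo) + 1))
    return out


def exposed_rdp(rules_text, internet_zone="net"):
    """Return (line_no, external_ports, target) for every rule that lets the
    whole internet zone reach TCP 3389 on a host behind the firewall."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if len(cols) < 5 or cols[0].split(":")[0] not in ("DNAT", "ACCEPT"):
            continue
        source, dest, proto, dport = cols[1:5]
        if source != internet_zone or proto.lower() != "tcp":
            continue  # host-restricted source (net:addr) or a different zone
        external = ports(dport)
        # A DNAT target port overrides DEST PORT(S): external 3390 is still RDP.
        d = dest.split(":")
        internal = {int(d[2])} if len(d) == 3 and d[2].isdigit() else external
        if RDP_PORT in internal:
            findings.append((n, sorted(external), d[1] if len(d) > 1 else dest))
    return findings


if __name__ == "__main__":
    for line_no, ext, host in exposed_rdp(SAMPLE_RULES):
        print(f"line {line_no}: RDP on {host} open to the internet via port(s) {ext}")
```

The three unrestricted DNAT lines are reported, including the ones published on 3390 and 3391; the host-restricted forward and the vpn-zone rule are not.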