Hello,

I have DSL with some external IP addresses, I have done masq on one external IP address to 40 PCs from my network. Only one PC (mine) has another external IP by NAT rule:

nat file:
83.14.215.157 eth0:0 192.168.1.6

I have done some rules, e.g. for emule to have HIGH ID, and it is working excellently:

ACCEPT net loc:192.168.1.6 udp 4662
ACCEPT net loc:192.168.1.6 tcp 4662 etc.

!! But I really want to have remote desktop (Windows 2003) on my PC from the internet. Sometimes I want to get to my PC from the internet and administrate it (my PC is in my LAN). I have done rules:

ACCEPT net loc:192.168.1.6 tcp 3389
ACCEPT net loc:192.168.1.6 udp 3389

and it is not working :( Why? I can get to my PC only from my LAN from other computers, but not from the internet through my gateway with shorewall and those rules. Please advise me.

--
Best wishes from Poland
Maciek Kurkeiwicz

-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

> !! But I really want to have remote desktop (Windows 2003) on my PC
> from the internet. Sometimes I want to get to my PC from the internet and
> administrate it (my PC is in my LAN). I have done rules:
>
> ACCEPT net loc:192.168.1.6 tcp 3389
> ACCEPT net loc:192.168.1.6 udp 3389
>
> and it is not working :( Why? I can get to my PC only from my LAN from
> other computers, but not from the internet through my gateway with
> shorewall and those rules. Please advise me.

Now, I know I am suggesting the obvious here, but have you checked your Windows Firewall?

On Wednesday 12 April 2006 15:34, viuwier wrote:
> and it is not working :( Why? I can get to my PC only from my LAN from
> other computers, but not from the internet through my gateway with
> shorewall and those rules. Please advise me.

See the DNAT debugging tips in Shorewall FAQs 1a and 1b.

Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

viuwier wrote:
> Hello,
>
> I have DSL with some external IP addresses, I have done masq on one
> external IP address to 40 PCs from my network. Only one PC (mine) has
> another external IP by NAT rule:
>
> nat file:
> 83.14.215.157 eth0:0 192.168.1.6
>
> I have done some rules, e.g. for emule to have HIGH ID, and it is
> working excellently:
>
> ACCEPT net loc:192.168.1.6 udp 4662
> ACCEPT net loc:192.168.1.6 tcp 4662 etc.
>
> !! But I really want to have remote desktop (Windows 2003) on my PC
> from the internet. Sometimes I want to get to my PC from the internet and
> administrate it (my PC is in my LAN). I have done rules:
>
> ACCEPT net loc:192.168.1.6 tcp 3389
> ACCEPT net loc:192.168.1.6 udp 3389
>
> and it is not working :( Why? I can get to my PC only from my LAN from
> other computers, but not from the internet through my gateway with
> shorewall and those rules. Please advise me.

It needs to be a DNAT rule and not an ACCEPT rule, try:

DNAT net loc:192.168.1.6 tcp 3389

On Thursday 13 April 2006 00:34, Patrick Jacques wrote:
> viuwier wrote:
> > Hello,
> >
> > I have DSL with some external IP addresses, I have done masq on one
> > external IP address to 40 PCs from my network. Only one PC (mine) has
> > another external IP by NAT rule:
> >
> > nat file:
> > 83.14.215.157 eth0:0 192.168.1.6
> >
> > I have done some rules, e.g. for emule to have HIGH ID, and it is
> > working excellently:
> >
> > ACCEPT net loc:192.168.1.6 udp 4662
> > ACCEPT net loc:192.168.1.6 tcp 4662 etc.
> >
> > !! But I really want to have remote desktop (Windows 2003) on my PC
> > from the internet. Sometimes I want to get to my PC from the internet and
> > administrate it (my PC is in my LAN). I have done rules:
> >
> > ACCEPT net loc:192.168.1.6 tcp 3389
> > ACCEPT net loc:192.168.1.6 udp 3389
> >
> > and it is not working :( Why? I can get to my PC only from my LAN from
> > other computers, but not from the internet through my gateway with
> > shorewall and those rules. Please advise me.
>
> It needs to be a DNAT rule and not an ACCEPT rule, try:
>
> DNAT net loc:192.168.1.6 tcp 3389

The OP had an entry in the nat file that maps connections targeted for 83.13.215.157 to 192.168.1.6; hence, ACCEPT rules are appropriate (provided that the connection from the internet is targeted at 83.13.215.157).

Regarding my advice to read FAQs 1a and 1b -- the rule structure is slightly different in the NAT table where 1:1 NAT is used -- the chain containing the DNAT rule will be eth0_in rather than net_masq and it will not specify a protocol and port.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
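
The two setups contrasted in the reply above, laid out side by side as an added example (not part of the original thread and not taken from the Shorewall documentation). The internal and external addresses are those from the original post's nat file; the source address 203.0.113.10 is a constructed placeholder for the administrator's own address, an assumption added so that port 3389 is not open to the entire net zone.

```conf
# ---- Setup A: 1:1 NAT entry plus a filter rule (what the original post has) ----

# /etc/shorewall/nat
# Every connection addressed to the external IP is rewritten to the internal
# host, for all protocols and ports; the generated NAT rule carries no
# protocol or port of its own.
#EXTERNAL        INTERFACE   INTERNAL
83.14.215.157    eth0:0      192.168.1.6

# /etc/shorewall/rules
# The destination is already translated by the nat entry, so ACCEPT is the
# right action. It only helps clients that connect to 83.14.215.157, not to
# the masqueraded address shared by the other PCs.
# Windows 2003 Remote Desktop listens on TCP 3389 only, so no udp rule.
#ACTION  SOURCE             DEST              PROTO  DEST PORT(S)
ACCEPT   net:203.0.113.10   loc:192.168.1.6   tcp    3389

# ---- Setup B: no nat entry for this host, port forwarding only ----

# /etc/shorewall/rules
# DNAT translates and accepts in one rule, limited to this protocol and port.
# ORIGINAL DEST restricts it to connections aimed at the one external IP,
# which must then be configured on the external interface by other means.
#ACTION  SOURCE             DEST              PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
DNAT     net:203.0.113.10   loc:192.168.1.6   tcp    3389          -               83.14.215.157
```

Setups A and B are alternatives for the same host and are not meant to be combined.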

> Now, I know I am suggesting the obvious here, but have you checked
> your Windows Firewall?

Yes, there is no Windows firewall :(

--
best wishes from Poland,
Maciej Kurkiewicz
ICQ: 3385742