I am moving from CentOS to Debian Lenny using shorewall 4.4.6.

I am having a problem with local clients connecting to RDP servers on the internet.

Local Client: 172.16.1.21
My Public IP: 4.4.4.149
RDP Server: 216.128.128.135

TCP Dump shows the connection is taking place:

03:26:33.275326 IP 172.16.1.21.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:33.275352 IP 4.4.4.149.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:33.276060 IP 216.128.128.135.3389 > 4.4.4.149.53936: R 0:0(0) ack 1635877778 win 0
03:26:33.276077 IP 216.128.128.135.3389 > 172.16.1.21.53936: R 0:0(0) ack 1635877778 win 0
03:26:33.719204 IP 172.16.1.21.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:33.719225 IP 4.4.4.149.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:33.719788 IP 216.128.128.135.3389 > 4.4.4.149.53936: R 0:0(0) ack 1 win 0
03:26:33.719803 IP 216.128.128.135.3389 > 172.16.1.21.53936: R 0:0(0) ack 1 win 0
03:26:34.222136 IP 172.16.1.21.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:34.222154 IP 4.4.4.149.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:34.222982 IP 216.128.128.135.3389 > 4.4.4.149.53936: R 0:0(0) ack 1 win 0
03:26:34.222997 IP 216.128.128.135.3389 > 172.16.1.21.53936: R 0:0(0) ack 1 win 0

The client does not get the connection.

iptables -L -n | grep 3389 shows this:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389

Which is consistent with the rule I put at the top of my rules file:
ACCEPT loc net tcp 3389 #RDP

Is this a problem with NetFilter and/or conntrack? What other information should I provide to help resolve this?
Thanks,
Ronnie

------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev

Red Baron wrote:

>The client does not get the connection.
>
>iptables -L -n | grep 3389 shows this:
>ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389
>
>Which is consistent with the rule I put at the top of my rules file:
>ACCEPT loc net tcp 3389 #RDP
>
>Is this a problem with NetFilter and/or conntrack? What other
>information should I provide to help resolve this?

Well I can assure you that RDP normally works just fine with nothing more than the rule you provided.

As for getting help, http://shorewall.net/support.htm

--
Simon Hobson

WANTED: "Software CD ROM Kit" for Canon CLBP 360-PS printer (Canon part no RH6-3612, or possibly RH6-3810, or RH6-3610 might do). I've a dead HD and need this CD so I can replace the disk and re-install the printer OS on it. If anyone knows where I might get hold of one I'd be grateful - requests to Canon drew a blank, it's been out of support for years. Alternatively, if anyone has one of these and would let me image their hard disk ...

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.

On Thu, 2010-02-11 at 13:18 -0600, Red Baron wrote:

> I am moving from CentOS to Debian Lenny using shorewall 4.4.6.
>
> I am having a problem with local clients connecting to RDP servers on
> the internet.

> Is this a problem with NetFilter and/or conntrack? What other
> information should I provide to help resolve this?

http://www.shorewall.net/support.htm#Guidelines

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
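
One way to read the capture in the first message, as an added example that is not part of the original thread: it classifies where a connection attempt stops by looking for the client's SYN, the SNATed copy leaving with the public address, and the reply addressed to that public address. The function names and verdict strings are hypothetical; the addresses and port are the ones given in the post.

```python
import re

# The first SYN/RST exchange from the capture quoted in the first message.
CAPTURE = """\
03:26:33.275326 IP 172.16.1.21.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:33.275352 IP 4.4.4.149.53936 > 216.128.128.135.3389: S 1635877777:1635877777(0) win 65535 <mss 1460,nop,nop,sackOK>
03:26:33.276060 IP 216.128.128.135.3389 > 4.4.4.149.53936: R 0:0(0) ack 1635877778 win 0
03:26:33.276077 IP 216.128.128.135.3389 > 172.16.1.21.53936: R 0:0(0) ack 1635877778 win 0
"""

# Old-style tcpdump text: "<ts> IP <src>.<sport> > <dst>.<dport>: <flags> ..."
LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<flags>[SFPRWE.]+) ")


def parse(text):
    """Return one dict per TCP line that matches the tcpdump layout above."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]


def seen(pkts, src, dst, flag, port):
    """True if a packet src -> dst carrying the flag involves the port."""
    return any(p["src"] == src and p["dst"] == dst and flag in p["flags"]
               and str(port) in (p["sport"], p["dport"]) for p in pkts)


def diagnose(text, client, public_ip, server, port):
    """Classify where the handshake stops, from a capture on the firewall."""
    pkts = parse(text)
    if not seen(pkts, client, server, "S", port):
        return "no-syn-from-client"
    if not seen(pkts, public_ip, server, "S", port):
        return "syn-not-forwarded"   # stopped before SNAT: look at local rules
    if seen(pkts, server, public_ip, "R", port):
        return "peer-reset"          # RST addressed to the public IP
    if seen(pkts, server, public_ip, "S", port):
        return "syn-ack-received"    # old tcpdump prints SYN-ACK as "S ... ack"
    return "no-reply"                # SYN left the firewall, nothing came back


if __name__ == "__main__":
    print(diagnose(CAPTURE, "172.16.1.21", "4.4.4.149", "216.128.128.135", 3389))
```

On the posted capture the verdict is "peer-reset": the SYN is forwarded and translated to 4.4.4.149, and the RST comes back addressed to that public address before being translated back to the client.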