At 09:37 AM 6/4/02 -0400, Jaime Goncalves wrote: >Hi I'm trying to rdp into my win2k server behind my lrp box this is the >command to open the port on the lrp box from the command line "ipchains >-A forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d xxx.xxx.xxx.xxx 3389 -j >ACCEPT" >can any one see a problem with the syntax
The syntax looks fine. But in choosing to conceal the IP addresses involved, you left open the question of whether this setup is a simple router or a NAT'ing router. If the LEAF router is NAT'ing, you'll need to add a port-forwarding entry (via ipmasqadm) instead of this ipchains entry. And in any case, you may need to modify the input chain to ACCEPT incoming traffic from or to (or both) port 3389. (And since I am unacqquainted with the rdp service, I don't actuaally know that it can be made to work through a NAT'd connection at all.) Oh, one qualification on my syntax comment ... you are adding (-A) this rule rather than inserting (-I ##) it. This means it gets put at the *end* of the forward chain. Since packets pass through the rules of a chain in order until they hit a matching one, it is possible that some rule prior to the one you are creating will catch and act on the packets. This is why a chain's rules have to be evaluated as a set, not singly, in isolation. If this really was just a question about the syntax of ipchains commends, then you are set. If you are experiencing trouble with the hookup, though (as I suspect), you'll probably need to post a more complete trouble descriptnion. See the "SR FAQ" link below for help if you need to do this. -- -----------------------------------------------"Never tell me the odds!"-------------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------------------- _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
