We have configured a network here with Linux acting as a router/firewall for
the Internet and a Terminal Server (yeah, I hate it too) sitting behind the
The internal IP of the TS is 10.0.0.1 and the firewall is 10.0.0.254. We have
set up rules on the Linux box to forward all packets on to the Internet (so it
is just acting as a gateway), which works fine.
We have also set up a forward rule using IP masquerading on port 3389 to
forward to port 3389 on the TS box - this is to allow remote clients to
point their terminal server client software at our Linux box and have it
forward them to the terminal server box for connection. All other inbound ports
are blocked. This works fine when we dial up to the Internet on a remote
machine and connect using the IP of the Linux box.
The problem now is we have a Linux box at our office acting as a gateway in a
similar fashion (without another server here) and my laptop is configured to
use our Linux box as its gateway. I can telnet to the other Linux box fine,
but when I try to establish a terminal server connection, the connection times
out. I can telnet to port 3389 on the Linux box and see that the forward is
working. If I connect directly to the net using a modem it also works.
I set up a similar rule for VNC (using 5900) and the same thing occurs: after it
asks for a password it just sits forever 'Initializing' the screen and
I'm guessing the problem is with our Linux box here and that after the initial
connection with the remote server another port is being opened for broadcasts
that our Linux box here is denying.
How do I get around this problem?
My rc.local has the following settings -
ipfwadm -F -p deny
ipfwadm -F -a m -b -S 10.0.0.0/24 -D 0.0.0.0/0
Is it the deny causing the problem?
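The following is an added illustration, not code from the post and not the ipfwadm implementation. It is a small Python model of the two gateways the post describes: an office gateway that masquerades the laptop's traffic and only admits replies matching a connection it has already seen outbound, and a remote gateway that statically forwards one public port to the Terminal Server and rewrites the TS's replies on the way back. The addresses 10.0.0.1 and 10.0.0.254 come from the post; the public addresses, the laptop's address and all port numbers other than 3389 and 5900 are constructed placeholders. The model shows the property the post's guess depends on: a connection the server side opens towards the client has no outbound state at the masquerading gateway and is dropped there.

```python
"""Toy model of a masquerading gateway in front of a port-forwarding gateway.

Added illustration (not from the post, not from ipfwadm). It models only the
address rewriting and the per-connection state a masquerading gateway keeps;
everything else about the real kernels is left out.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport) as seen inside


class Masquerader:
    """Office gateway: outbound packets from the internal net get the public
    source address and a fresh port; inbound packets are accepted only if
    they match a flow seen outbound (anything else is dropped)."""

    def __init__(self, public_ip: str, internal_prefix: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.internal_prefix = internal_prefix   # e.g. "192.168.1." (constructed)
        self.next_port = first_port
        self.by_port: Dict[int, Flow] = {}      # masqueraded port -> inside flow
        self.by_flow: Dict[Flow, int] = {}      # inside flow -> masqueraded port

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        if not pkt.src.startswith(self.internal_prefix):
            return None                          # not from inside: denied
        flow: Flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.by_flow:             # first packet of this flow
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return replace(pkt, src=self.public_ip, sport=self.by_flow[flow])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst != self.public_ip:
            return None
        flow = self.by_port.get(pkt.dport)
        if flow is None or (flow[2], flow[3]) != (pkt.src, pkt.sport):
            return None                          # no matching state: dropped
        return replace(pkt, dst=flow[0], dport=flow[1])


class PortForwarder:
    """Remote gateway: one public port forwarded to the TS, and the reverse
    rewrite for the TS's replies. Other inbound ports are blocked."""

    def __init__(self, public_ip: str, port: int, target_ip: str, target_port: int):
        self.public_ip, self.port = public_ip, port
        self.target_ip, self.target_port = target_ip, target_port

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst == self.public_ip and pkt.dport == self.port:
            return replace(pkt, dst=self.target_ip, dport=self.target_port)
        return None                              # every other inbound port blocked

    def outbound(self, pkt: Packet) -> Packet:
        if pkt.src == self.target_ip and pkt.sport == self.target_port:
            return replace(pkt, src=self.public_ip, sport=self.port)
        return pkt                               # other outbound traffic passes unchanged


def round_trip(office: Masquerader, remote: PortForwarder, request: Packet) -> Optional[Packet]:
    """One packet from the laptop and the TS's reply; returns the reply as the
    laptop sees it, or None if either gateway dropped something on the way."""
    out = office.outbound(request)
    at_ts = remote.inbound(out) if out else None
    if at_ts is None:
        return None
    reply = Packet(at_ts.dst, at_ts.dport, at_ts.src, at_ts.sport)
    return office.inbound(remote.outbound(reply))


def server_initiated(office: Masquerader, remote: PortForwarder,
                     src_ip: str, sport: int, dst_ip: str, dport: int) -> Optional[Packet]:
    """A connection opened from the TS side towards the laptop, the case the
    post suspects: the office gateway has no outbound state for it."""
    return office.inbound(remote.outbound(Packet(src_ip, sport, dst_ip, dport)))


if __name__ == "__main__":
    office = Masquerader("198.51.100.1", "192.168.1.")             # constructed
    remote = PortForwarder("203.0.113.1", 3389, "10.0.0.1", 3389)  # 10.0.0.1 from the post
    print(round_trip(office, remote, Packet("192.168.1.10", 40000, "203.0.113.1", 3389)))
    print(round_trip(office, remote, Packet("192.168.1.10", 40001, "203.0.113.1", 5900)))
    print(server_initiated(office, remote, "10.0.0.1", 5000, "198.51.100.1", 40000))
```

The first call completes because every packet matches state or a static rule; the second is dropped at the remote gateway because only 3389 is forwarded; the third is dropped at the office gateway because nothing was ever sent outbound on that port. Whether the real stall is of the third kind is something a packet capture on each gateway, taken while the session hangs, will show directly.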