Koozali.org: home of the SME Server

Rules for controlling access on a specific port

Offline Franco

« on: February 22, 2005, 09:13:10 PM »
I need to use M$ RDC to access a remote system behind SME. I have forwarded the TCP/UDP 3389 ports to the system and now anyone who scans the network can see the open ports and try entering.
How can I create a set of rules so only a specified IP can access these ports?

Thanks in advance,

Offline smeghead

« Reply #1 on: February 23, 2005, 06:39:13 AM »
I do this courtesy of a good hardware router in front of the SME box (that's in server/gateway mode, so the network is double NAT'd); my preference is a Netgear FR328.

Certainly not the cheapest option but dead easy to use and support.

HTH

Offline Franco

« Reply #2 on: February 23, 2005, 01:32:02 PM »
...and forward all the necessary ports?
Is the Netgear capable of doing the Access Control?

Thanks,

Offline mdo

« Reply #3 on: February 24, 2005, 06:43:23 PM »
Hi,

I would like to raise stuntshell's original question again to see whether it's possible with iptables (to allow access to the port-forwarded terminal server port 3389 only for specific, pre-defined source IP addresses)?

If iptables allows for this, I am happy to modify a custom template, don't need a panel for that.

Regards,
Michael

Offline Franco

« Reply #4 on: February 25, 2005, 02:03:09 AM »
Michael,
I'm still on a search for the answer, as the Netgear is not on my list. If everything else fails I'd go with Monowall on cheap hardware providing the extra layer.
Another question I have, if I can't make an iptables rule:
Can I use a TCP wrapper such as the hosts.allow for the same purpose, and is it secure?
Thanks,

Offline Franco

« Reply #5 on: February 25, 2005, 04:54:43 PM »
Answering my own question:
- No, as hosts.allow can only control daemons active on the server!  :-(
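
The question raised in this thread, whether iptables can limit the forwarded port 3389 to pre-defined source addresses, can be illustrated with a source match (`-s`) on the port-forward rule itself. The script below is an added example, not part of the original thread and not SME Server's own firewall templates; it assumes a plain Linux gateway whose ruleset already accepts established connections, and the interface name and all addresses are constructed samples.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables rules that forward RDP
# (TCP 3389) to one internal host for an allow-list of sources only.
# Interface name and all addresses used here are constructed samples.

# valid_src ADDR[/PREFIX]: succeed only for a well-formed IPv4 source.
valid_src() {
    addr=${1%%/*}; prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# rdp_allow_rules WAN_IF INTERNAL_HOST SRC [SRC...]
rdp_allow_rules() {
    [ $# -ge 3 ] || { echo "usage: rdp_allow_rules WAN_IF HOST SRC..." >&2; return 1; }
    wan_if=$1; target=$2; shift 2
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$target" in */*) return 1 ;; esac
    valid_src "$target" || return 1
    # Validate everything first so a typo never yields a partial rule set.
    for src in "$@"; do
        valid_src "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    match="-i $wan_if -p tcp --dport 3389"
    for src in "$@"; do
        # DNAT matches only allowed sources; other hosts are never forwarded.
        echo "iptables -t nat -A PREROUTING $match -s $src -j DNAT --to-destination $target:3389"
        echo "iptables -A FORWARD $match -s $src -d $target -j ACCEPT"
    done
    # Defence in depth: drop any other RDP traffic routed to the host.
    echo "iptables -A FORWARD $match -d $target -j DROP"
}

# Constructed sample call: one admin address and one office range.
rdp_allow_rules eth1 192.168.1.10 203.0.113.5 198.51.100.0/24
```

The printed rules are appended with `-A`, so an existing unrestricted forward of port 3389 has to be removed first or it will still match ahead of them. The same pattern applies to UDP 3389 if that port is forwarded as well.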