Topic: Automatic port forwarding?

[dtech]

Hi All;

I need to allow a client remote RDP access to a workstation behind an SME 7.3 server/gateway. I hesitate to set up port forwarding and leave it open at all times. First I'd be interested in opinions on the security issue of leaving a port forward to an XP box waiting for RDP, and secondly I'm wondering if anyone has done something like set up a cron job to run a script that would set up the port forwarding on a limited but predictable timetable.

Thanks in advance!

[cactus]

Hi All;

I need to allow a client remote RDP access to a workstation behind an SME 7.3 server/gateway. I hesitate to set up port forwarding and leave it open at all times. First I'd be interested in opinions on the security issue of leaving a port forward to an XP box waiting for RDP, and secondly I'm wondering if anyone has done something like set up a cron job to run a script that would set up the port forwarding on a limited but predictable timetable.

Thanks in advance!

I suggest you consider VPN, does not open up such vital ports to the whole world and can be restricted. For the user it seems like he/she is connected to the local network although connecting from the outside. The VPN connection should also put the client on the LAN side which means you do not need to open up anything more than the VPN port (which is terminated and guarded by you SME Server).

[Fumetto]

I try it but when use VPN for RDP have a problem...

Code: [Select]

Nov 21 16:56:05 server1 kernel: mppe_decompress[0]: osize too small! (have: 1404 need: 1405)
If use VNC over VPN ok, RDP connection have this problem...

I search a solution but so far not managed to solve the problem...

This problem is only for RDP connection and if use Client Access AS400 session, VNC is OK.

Some ideas on how to solve?

[Stefano]

ciao Fumetto

AFAIR RDP problem is due to packet fragmentation.. search on the forums for mtu, I remember something about it

HTH
Ciao

Stefano

[Fumetto]

It's possible... various MTU present... search and report... 

[cactus]

I try it but when use VPN for RDP have a problem...

Code: [Select]

Nov 21 16:56:05 server1 kernel: mppe_decompress[0]: osize too small! (have: 1404 need: 1405)
If use VNC over VPN ok, RDP connection have this problem...

I search a solution but so far not managed to solve the problem...

This problem is only for RDP connection and if use Client Access AS400 session, VNC is OK.

Some ideas on how to solve?

Have a look at this bug report, the feature should be implemented in 7.4: http://bugs.contribs.org/show_bug.cgi?id=549

[Fumetto]

I've upgrade a low-important server now... if all ok upgrade a production server and test again... thanks 

[Fumetto]

Have a look at this bug report, the feature should be implemented in 7.4: http://bugs.contribs.org/show_bug.cgi?id=549

I love you man... 

In version 7.3, I resolved with the changes mentioned in that report bugs, Monday update to 7.4 and see what happens ...

Thanks again!!!

[cactus]

I love you man... 

In version 7.3, I resolved with the changes mentioned in that report bugs, Monday update to 7.4 and see what happens ...

Thanks again!!!

Keep in mind that only updating will stil lhave the default settings that do not work for you, so after upgrading you will have to tweak the parameters to your needs.

[Fumetto]

Upgrade done.
Version 7.3 was given this set of commands

Code: [Select]

#Log into the Console as root

#check the settings before changed
cat /etc/ppp/options.pptpd

#note mtu & mru settings

mkdir -p /etc/e-smith/templates-custom/etc/ppp/options.pptpd/
touch /etc/e-smith/templates-custom/etc/ppp/options.pptpd/mtu
touch /etc/e-smith/templates-custom/etc/ppp/options.pptpd/mru
signal-event remoteaccess-update

#check the settings are changed
cat /etc/ppp/options.pptpd

#note the absense of mtu & mru settings
After the upgrade to version 7.4, I checked with

Code: [Select]

cat /etc/ppp/options.pptpdand there was no need to give commands first cited to go all ... bug definitely resolved, I do only the tests with clients AS400 and then I can confirm the solution to a problem that has made me spend nights awake to study and try to understand

 

[cactus]

Upgrade done.
Version 7.3 was given this set of commands

Code: [Select]

#Log into the Console as root

#check the settings before changed
cat /etc/ppp/options.pptpd

#note mtu & mru settings

mkdir -p /etc/e-smith/templates-custom/etc/ppp/options.pptpd/
touch /etc/e-smith/templates-custom/etc/ppp/options.pptpd/mtu
touch /etc/e-smith/templates-custom/etc/ppp/options.pptpd/mru
signal-event remoteaccess-update

#check the settings are changed
cat /etc/ppp/options.pptpd

#note the absense of mtu & mru settings
After the upgrade to version 7.4, I checked with

Code: [Select]

cat /etc/ppp/options.pptpdand there was no need to give commands first cited to go all ... bug definitely resolved, I do only the tests with clients AS400 and then I can confirm the solution to a problem that has made me spend nights awake to study and try to understand

 

AFAIK a custom template is not needed anymore as you can set the MTU and MRU parameters from the configuration database now:

Code: [Select]

db configuration setprop pptpd mru xxx
db configuration setprop pptpd mtu xxxReplace xxx with the desired values.

After that you can remove your custom template fragments and do the signal-event:

Code: [Select]

signal-event remoteaccess-update