Topic: Port forward not working

[Daniel B.]

As for iptables output, use iptables -L -vn if you want more details

[DanB35]

...and it's somewhat orthogonal to the original question, but it looks like you're trying to connect to two different computers via RDP from the WAN.  I have no idea how secure RDP is (though I don't think I'd be optimistic), but a completely different way to address this, that would certainly work, and would almost certainly be more secure, is to set up a VPN connection--I like OpenVPN, but there are a few different contribs for VPNs.  That way, you can simply connect to the desired remote IP address using your client machine.

[CharlieBrady]

Multihoming must be managed on your final box, that's not an SME Server issue. My guess (which you can verify using wireshark or tcpdump) is that connections going to 10.0.0.3 are replied by your w2k8 box using 10.0.0.2 IP address. Can you explain why you want to different IP addresses here ?

I agree that this is likely a win2k problem.

[CharlieBrady]

My guess (which you can verify using wireshark or tcpdump) is that connections going to 10.0.0.3 are replied by your w2k8 box using 10.0.0.2 IP address.

If that is the case, the return traffic would be dropped by iptables, and logged in /var/log/iptables/current.

[chuzz]

To all who have taken time to respond, thank you. The issue has been resolved.

Turns out it was actually my fault - the firewall on the remote workstation I was trying to connect from was blocking it. So I offer my humble apologies to all those who wasted time thinking about what could be wrong.

 

The reason I never thought to check the firewall on the connecting box (my firewall) was because it used to work before I installed sme in the remote site. It seems I had manually added the firewall rules to allow ports 10002 & 10003 out (so it used to work before sme was installed) and then thought I had better add them to the firewall startup script. At some stage I rebooted my firewall. Turns out I had only added port 10002 to the startup script. D'oh.

PS. For those interested, the reason for 2 IPs on the win2k8 box is 1) the box has 2 built-in NICs to start with, and 2) it runs hyper-v so I channel the VM traffic out the 2nd NIC.

[edit] add embarrassment