Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Franco on February 22, 2005, 09:13:10 PM
-
I need to use M$ RDC to access a remote system behind SME. I have forwarded the TCP/UDP 3389 ports to the system and now anyone who scans the network can see the open ports and try entering.
How can I create a set of rules so only a specified IP can access these ports?
Thanks in advance,
-
I do this courtesy of a good hardware router in front of the SME box (that's in server/gateway mode so network is double NAT'd), my preference is a Netgear FR328.
Certainly not the cheapest option but dead easy to use and support.
HTH
-
...and forward all the necessary ports?
Is the Netgear capable of doing the Access Control?
Thanks,
-
Hi,
I would like to raise stuntshell's original question again to see whether it's possible with iptables? (to allow access to the port-forwarded terminal server port 3389 only for specific, pre-defined source IP addresses)
If iptables allows for this, I am happy to modify a custom template, don't need a panel for that.
Regards,
Michael
-
Michael,
I'm still on a search for the answer, as the Netgear is not on my list. If everything else fails, I'd go with Monowall on cheap hardware providing the extra layer.
Another question I have, if I can't make an iptables rule:
Can I use a TCP wrapper such as the hosts.allow for the same purpose, and is it secure?
Thanks,
-
Answering my own question:
No, as hosts.allow can only control daemons active on the server! :-(
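
The source-restricted forward asked about in this thread, as an added example that is not from any poster or from SME Server's own templates: a shell function that prints generic iptables rules forwarding TCP 3389 only for allow-listed source addresses. The interface name eth1, the internal host 192.168.1.10 and the source addresses are constructed placeholders, and the layout assumes a plain iptables gateway rather than SME's generated firewall script.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that forward one TCP
# port to an internal host only for allow-listed source addresses.
# Interface name and all addresses used here are constructed placeholders.

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /prefix.
valid_src() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: forward_rules EXT_IF INTERNAL_IP PORT SRC [SRC...]
forward_rules() {
    [ "$#" -ge 4 ] || { echo "usage: forward_rules EXT_IF INTERNAL_IP PORT SRC..." >&2; return 2; }
    ext_if=$1; dest=$2; port=$3
    shift 3
    # Validate every source first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        valid_src "$src" || { echo "rejecting invalid source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        # DNAT matches only the allowed source; other hosts are never translated.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp -s $src --dport $port -j DNAT --to-destination $dest:$port"
        echo "iptables -A FORWARD -i $ext_if -p tcp -s $src -d $dest --dport $port -j ACCEPT"
    done
    # Defense in depth: drop any other forwarded traffic aimed at the port.
    echo "iptables -A FORWARD -i $ext_if -p tcp -d $dest --dport $port -j DROP"
}

# Constructed sample: one allowed remote address (documentation range).
forward_rules eth1 192.168.1.10 3389 203.0.113.5
```

Because the forwarded traffic never terminates at a daemon on the gateway, the filter sits in PREROUTING and FORWARD rather than in hosts.allow. If the UDP forward is kept, the same rules would be repeated with -p udp.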