I have a server (where I am administrator) to which I can connect via MSTSC.exe from Windows under NAT. The server is under NAT. I have ssh and sudo rights to a Linux server with a public IP, where I can open ports 2k and above and install software. Using what software could I forward my Windows port through the Linux server?
Your question is not completely clear. Do you want to use the Linux PC as a proxy for your Windows PC? Do you want to forward all of the Windows PC through the Linux PC, or only some part of it? Or instead you want requests coming to your Windows PC to be forwarded and answered by the Linux PC? – MariusMatutiae, commented Nov 10, 2013 at 6:09
1 Answer
There are several ways to do it:
The quickest way (for temporary use) is to use an ssh client like PuTTY. You connect to your Linux box and add a tunnel rule.
Doing it on the Linux box, your goal is to enable IP forwarding on the Linux box as well as adding a firewall rule that redirects traffic from an unused high port to your Windows RDP port (which is 3389). The command of choice is iptables. With that you can add network rules to the Linux kernel. It is suggested to use high ports on your public interface to prevent script kiddies from scanning default ports.
First, enable ip forwarding (if not enabled already):
Temporary:
sysctl -w net.ipv4.ip_forward=1
Then add a firewall rule using iptables:
Let's say: eth0 is internal with the 192.168.1.0/24 network, eth1 external with IP 1.2.3.4, and the Windows box is 192.168.1.16
sudo iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 3389 -j DNAT --to-destination 192.168.1.16:3389
If the external high port is to be 12345, define this iptables rule instead:
sudo iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 12345 -j DNAT --to-destination 192.168.1.16:3389
To check your NAT rules use following command: sudo iptables -L -nv -t nat
Permanently:
sudo nano /etc/sysctl.conf
and add following line:
net.ipv4.ip_forward=1
Restart sysctl with
sudo sysctl -p
To permanently add the iptables rule, you may create a firewall init script on your Linux box (if not already there) and hook it into the runlevel your Linux box is already running in.
You may also Google 'Linux iptables NAT', 'port forwarding' and similar. There is a lot of documentation out there, even for RDP.
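The "ssh tunnel" route the answer mentions first, written out as an added example (not code from the answer or from the asker). Because the Windows box is the one behind NAT and the Linux box has the public IP, the tunnel has to be a remote forward (ssh -R): Windows keeps an ssh session open to the Linux box, sshd listens on a high port there, and connections to that port are carried back through the tunnel to 3389 on Windows. The catch a practitioner runs into is sshd's GatewayPorts setting: by default a -R listener binds only to 127.0.0.1 on the Linux box, so the script checks sshd_config for it. Names (user@1.2.3.4, port 12345) are assumptions. In PuTTY the equivalent is Connection > SSH > Tunnels, type "Remote", with "Remote ports do the same (SSH-2 only)" ticked.

```shell
#!/bin/sh
# Reverse SSH tunnel for RDP (added example, not code from the answer above).
# The Windows box behind NAT keeps an ssh session open to the public Linux box
# and asks sshd to listen on a high port there; RDP clients then connect to
# linux_public_ip:12345 and the traffic is carried back through the tunnel to
# the Windows box's own 3389. Assumed names: user@1.2.3.4, ports 12345/3389.

# Return 0 if the sshd_config at $1 allows -R listeners to bind on all
# interfaces. Without "GatewayPorts yes" (or "clientspecified" plus an
# explicit 0.0.0.0 bind address in -R) the listener binds to 127.0.0.1 on the
# Linux box and nobody outside it can reach the forwarded port.
gatewayports_ok() {
    val=$(sed 's/#.*//' "$1" |
          awk 'tolower($1) == "gatewayports" { print tolower($2); exit }')
    case "$val" in
        yes|clientspecified) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command the Windows side runs with OpenSSH's ssh.exe.
# $1 = user@linux_host, $2 = public high port on Linux, $3 = local RDP port.
# -N: no shell, just the forward; ExitOnForwardFailure makes ssh fail loudly
# instead of silently connecting when the remote port is already taken.
reverse_tunnel_cmd() {
    echo "ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 0.0.0.0:$2:127.0.0.1:$3 $1"
}

# Usage: sh rdp_tunnel.sh show user@1.2.3.4 12345 [/etc/ssh/sshd_config]
if [ "${1:-}" = "show" ]; then
    cfg=${4:-/etc/ssh/sshd_config}
    if [ -r "$cfg" ] && ! gatewayports_ok "$cfg"; then
        echo "warning: $cfg lacks 'GatewayPorts yes'; the forwarded port will only listen on 127.0.0.1" >&2
    fi
    echo "Run on the Windows box (PowerShell or cmd):"
    reverse_tunnel_cmd "$2" "$3" 3389
fi
```

With the tunnel up, an RDP client anywhere connects to 1.2.3.4:12345; only the Linux box's firewall needs that port open, and nothing on the Windows side is exposed directly. Note that this also means anyone who can reach 1.2.3.4:12345 can reach the RDP login screen, so the high port hides it from casual scans but is not a substitute for strong Windows credentials.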
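The "firewall init script" the answer suggests, as an added example (not the answer's own code) covering the iptables route from "enable ip forwarding" through the DNAT rule. It adds the two things the DNAT line alone leaves out: a FORWARD rule, because the forwarding chain's default policy is often DROP, and a MASQUERADE rule, because the Windows box's replies must come back through the Linux box even if its default gateway is some other router. Addresses (eth1 with 1.2.3.4, Windows at 192.168.1.16, port 12345) are assumptions; the Windows box must be routable from the Linux box for this approach to apply at all.

```shell
#!/bin/sh
# Firewall script for the iptables route described in the answer (added
# example, not the answer's own code). Assumed layout: eth1 is the public
# interface with 1.2.3.4, the Windows box is 192.168.1.16 on a network the
# Linux box can reach. Run as root: "sh rdp-nat.sh start"; DRY_RUN=1 prints
# the commands instead of executing them.
PUBLIC_IF=${PUBLIC_IF:-eth1}
PUBLIC_IP=${PUBLIC_IP:-1.2.3.4}
RDP_HOST=${RDP_HOST:-192.168.1.16}
RDP_PORT=3389
PUBLIC_PORT=${PUBLIC_PORT:-12345}

# 0 if $1 is an integer in 1024..65535: an unprivileged, non-default port.
valid_high_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the rules for one forwarded TCP port, one per line.
# DNAT alone is not enough: FORWARD must accept the flow (its default policy
# is often DROP), and the Windows box's replies must come back through this
# host. MASQUERADE on the way out guarantees that even when the Windows box's
# default gateway is some other router, at the cost of RDP logs on the Windows
# side showing the Linux box's address rather than the client's.
nat_rules() {
    pub_port=$1; pub_ip=$2; pub_if=$3; rdp_host=$4; rdp_port=$5
    cat <<EOF
iptables -t nat -A PREROUTING -i $pub_if -p tcp -d $pub_ip --dport $pub_port -j DNAT --to-destination $rdp_host:$rdp_port
iptables -A FORWARD -i $pub_if -p tcp -d $rdp_host --dport $rdp_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $rdp_host -p tcp --sport $rdp_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $rdp_host --dport $rdp_port -j MASQUERADE
EOF
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

start() {
    if ! valid_high_port "$PUBLIC_PORT"; then
        echo "PUBLIC_PORT must be 1024-65535, got '$PUBLIC_PORT'" >&2
        return 1
    fi
    run sysctl -w net.ipv4.ip_forward=1
    nat_rules "$PUBLIC_PORT" "$PUBLIC_IP" "$PUBLIC_IF" "$RDP_HOST" "$RDP_PORT" |
    while IFS= read -r rule; do
        run $rule   # unquoted on purpose: split the line into command words
    done
}

case "${1:-}" in
    start) start ;;
    status) iptables -t nat -L -nv ;;
esac
```

Run it once with DRY_RUN=1 to see the exact rules before applying them, then check with the answer's "sudo iptables -L -nv -t nat" that the packet counters on the PREROUTING line increase when a client connects. If the Windows box's default gateway already is the Linux box, the MASQUERADE line can be dropped and the Windows event log will then record the real client address.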