IPTABLES FORWARD Remote desktop connection via

I would like to forward internet requests for a terminal server running RDP (port 3389) from the public IP to the internal Windows server.
I used the rule:
iptables -t nat -I PREROUTING -d 19x.xxx.xxx.xxx -m tcp -p tcp --dport 3389 -j DNAT --to 192.168.x.x:3386

I cannot remote desktop into the computer

Can anyone help?

thanks

Did you also add the rule

iptables -t nat -A POSTROUTING -j MASQUERADE

This is necessary for the type of forwarding you are doing.

Also,
It’s generally required to post either an exact error or a detailed description of the problem for a solution. Just saying “It doesn’t work” isn’t sufficient; then you’d get only speculation.

TSU

I also just noticed that in your original post with the line

iptables -t nat -I PREROUTING -d 19x.xxx.xxx.xxx -m tcp -p tcp --dport 3389 -j DNAT --to 192.168.x.x:3386

you used the -I option to INSERT a rule (in this case it defaults to position one in the PREROUTING chain, as you didn’t specify a rule number). It is nearly always better to use the -A (APPEND) option; otherwise you could seriously disrupt the flow of the firewall. If you know what rules are already contained in the chain and you definitely want to insert the rule at a specific place, then the -I (INSERT) option is fine, but if you just want to add a rule to a chain, then using -A is generally preferred. In your case I don’t know which you wanted.
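
The checks raised in this thread can be run against a saved ruleset. The following is an added example, not code from any of the posters: a hypothetical `audit_dnat` helper that reads `iptables-save` output and reports, for each DNAT rule, the translated port, whether the filter FORWARD chain lets the translated traffic through, and whether a MASQUERADE/SNAT rule exists. The sample ruleset and its addresses are constructed.

```shell
# Constructed sample of `iptables-save` output (addresses are documentation ranges).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 198.51.100.7/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.10:3386
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_dnat (hypothetical helper): reads iptables-save text on stdin and
# reports, per DNAT rule, what a working port forward still needs.
audit_dnat() {
  awk '
    /^\*/ { table = substr($1, 2) }                   # table marker: *nat, *filter
    table == "filter" && /^:FORWARD / { fwd_policy = $2 }   # chain default policy
    table == "nat" && /^-A PREROUTING / && /-j DNAT/ {
      n++
      for (i = 1; i < NF; i++) {
        if ($i == "--dport")          port[n] = $(i + 1)
        if ($i == "--to-destination") dest[n] = $(i + 1)
      }
    }
    table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ { snat = 1 }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ { accept[++a] = $0 }
    END {
      if (n == 0) { print "NO-DNAT: no DNAT rule in nat/PREROUTING"; exit }
      for (k = 1; k <= n; k++) {
        split(dest[k], hp, ":")
        host = hp[1]; tport = (hp[2] != "" ? hp[2] : port[k])
        print "DNAT: dport " port[k] " -> " host " port " tport
        if (tport != port[k])
          print "PORT-CHANGED: server must listen on " tport ", not " port[k]
        # Heuristic: forwarded packets pass if the policy is not DROP, or an
        # ACCEPT rule names the internal host and the translated port.
        ok = (fwd_policy != "DROP")
        for (j = 1; j <= a && !ok; j++)
          if (index(accept[j], "-d " host "/32 ") && index(accept[j], "--dport " tport " ")) ok = 1
        if (!ok) print "FORWARD-BLOCKED: no ACCEPT in filter/FORWARD for " host ":" tport
      }
      if (!snat) print "NO-SNAT: no MASQUERADE/SNAT rule in nat/POSTROUTING"
    }'
}

# Live use (as root): iptables-save | audit_dnat
printf '%s\n' "$SAMPLE_RULES" | audit_dnat
```

The FORWARD check is a heuristic that only looks for an ACCEPT rule naming the internal host and translated port; it does not evaluate rule order or interface matches.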