


  1. #1

    Does anyone know how to do forwarding with Shorewall

    Folks, I'm trying to remotely access a machine that is behind a Linux server (firewall).

    For example, from my home I want to access a machine running Windows XP Prof. on the local network via TS.

    But I can't access it; from the local network, however, there is no problem.

    The ADSL modem has a fixed IP (business plan).

    On the Linux server the firewall is Shorewall, and it has these forwarding rules:

    vim /etc/shorewall/rules

    #
    # Shorewall version 4 - Rules File
    #
    # For information on the settings in this file, type "man shorewall-rules"
    #
    # The manpage is also online at
    # http://www.shorewall.net/manpages/shorewall-rules.html
    #
    ############################################################################################################################
    #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK
    # PORT PORT(S) DEST LIMIT GROUP
    #SECTION ESTABLISHED
    #SECTION RELATED
    SECTION NEW
    ##################################
    ## Input: Local Net -> Firewall ##
    ##################################
    # from all Local Net hosts
    DNS/ACCEPT loc fw
    SSH/ACCEPT loc fw
    SMB/ACCEPT loc fw
    ACCEPT loc fw udp 67 # DHCP Server
    ACCEPT loc fw tcp 631 # CUPS
    ACCEPT loc fw tcp 5666 # NRPE
    #ACCEPT loc fw tcp 12489 # NSClient++.
    ACCEPT loc fw tcp 4444 # SMS Power View
    Ping/ACCEPT loc fw
    AllowICMPs loc fw

    ## Input: Internet -> Firewall ##
    #################################
    # from all Internet hosts
    SSH/ACCEPT net fw
    Ping/ACCEPT net fw
    AllowICMPs net fw

    ###################################################
    ## Forward with SourceNAT: Local Net -> Internet ##
    ###################################################
    # from: all Local Net hosts -> to: all Internet hosts
    SMTP/ACCEPT loc net
    POP3/ACCEPT loc net
    ACCEPT loc net tcp 8080
    ACCEPT loc net tcp 4444
    ACCEPT loc net tcp 1099
    HTTPS/ACCEPT loc net
    HTTP/ACCEPT loc net:200.201.166.0/24,200.201.173.0/24,200.201.174.0/24 # Conectividade Social
    ACCEPT loc net tcp 3456 # Receita Net

    Ping/ACCEPT loc net
    AllowICMPs loc net

    #####################################
    ## Redirect for Transparent Proxy  ##
    #####################################
    #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
    # PORT(S) PORT(S) DEST
    REDIRECT loc 3128 tcp http - !200.201.166.0/24,200.201.173.0/24,200.201.174.0/24
    #
    #FTP/ACCEPT net fw
    ACCEPT loc fw tcp 3000
    Web/ACCEPT loc fw
    Web/ACCEPT net fw
    Webmin/ACCEPT net fw
    DNAT:info net loc:192.168.0.5:22 tcp 22
    DNAT:info net loc:192.168.0.24 tcp 3389

    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


    Funny thing is, there is another machine with Linux Debian 5 that I can access via ssh without any problem, and the forwarding rule is the same; why is it only the Windows machine that isn't working.

    Below are the logs at the exact moment I try to make the remote access:

    May 12 19:26:19 server-pdc kernel: [13440.120106] Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=147 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:26:20 server-pdc kernel: [13441.801174] Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:13:d4:fe:46:b9:00:1c:f0:03:67:e1:08:00 SRC=189.19.xxx.xxx DST=189.47.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=1054 DF PROTO=TCP SPT=60154 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
    May 12 19:26:26 server-pdc kernel: [13447.390318] Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=1461 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
    May 12 19:26:31 server-pdc kernel: [13452.389149] Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=1462 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
    May 12 19:26:35 server-pdc kernel: [13456.112881] Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=148 PROTO=UDP SPT=123 DPT=123 LEN=56
    Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=149 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:27:07 server-pdc kernel: [13488.098411] Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=150 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:27:23 server-pdc kernel: [13504.091174] Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=151 PROTO=UDP SPT=123 DPT=123 LEN=56
    May 12 19:27:39 server-pdc kernel: [13520.083951] Shorewall:loc2fw:REJECT:IN=eth1 OUT= MAC=00:08:54:1e:02:4c:00:1a:4d:98:1f:17:08:00 SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TOS=0x00 PREC=0x00 TTL=128 ID=152 PROTO=UDP SPT=123 DPT=123 LEN=56


    NOTE: on the Windows machine I want to access, its own firewall is enabled for port tcp 3389 and for all networks (including the internet).

    Does anyone have any idea why I'm not succeeding with the remote access?

    Cheers

  2. #2

    Re: Does anyone know how to do forwarding with Shorewall

    Does anyone have any idea why I can't access this machine via RDP from outside the local network?

  3. #3
    Unregistered
    Guest

    Re: Does anyone know how to do forwarding with Shorewall

    Use the following rules below to forward...

    DNAT net loc:192.168.0.31:5900 tcp 5900 # REDIRECTS VNC REQUEST FROM THE FW TO THE INTERNAL PC.
    DNAT net loc:192.168.0.31:3389 tcp 3389 # FORWARDING FOR WTS (WINDOWS TERMINAL SERVICE).
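
Added example, not part of the thread: a Python parser for Shorewall kernel log lines like those in post #1. It groups entries by chain, disposition, protocol and destination port, so the `net_dnat:DNAT` hit on TCP 3389 can be read separately from the NTP (UDP 123) rejects. The sample lines are constructed (documentation-range public addresses, hypothetical host name `fw`), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the same format as the log excerpt in post #1.
SAMPLE = """\
May 12 19:26:19 fw kernel: [1.0] Shorewall:loc2fw:REJECT:IN=eth1 OUT= SRC=192.168.0.24 DST=192.168.0.1 LEN=76 TTL=128 PROTO=UDP SPT=123 DPT=123 LEN=56
May 12 19:26:20 fw kernel: [2.0] Shorewall:net_dnat:DNAT:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.9 LEN=48 DF PROTO=TCP SPT=60154 DPT=3389 SYN URGP=0
May 12 19:26:26 fw kernel: [3.0] Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.0.20 DST=200.144.121.33 LEN=76 DF PROTO=UDP SPT=2048 DPT=123 LEN=56
Shorewall:loc2fw:REJECT:IN=eth1 OUT= SRC=192.168.0.24 DST=192.168.0.1 LEN=76 PROTO=UDP SPT=123 DPT=123 LEN=56
"""

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:" followed by
# the netfilter KEY=VALUE fields (flags such as DF or SYN carry no "=").
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict for one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(m["rest"]))
    dpt = fields.get("DPT")          # absent for ICMP and similar
    return {
        "chain": m["chain"],
        "disposition": m["disp"],
        "proto": fields.get("PROTO"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "dport": int(dpt) if dpt else None,
    }

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def summarize(text):
    """Count entries per (chain, disposition, proto, dport)."""
    return Counter((e["chain"], e["disposition"], e["proto"], e["dport"])
                   for e in parse_log(text))

def events_for_port(text, proto, dport):
    """All entries for one protocol/destination port, in log order."""
    return [e for e in parse_log(text)
            if e["proto"] == proto and e["dport"] == dport]

def blocked_ports(text):
    """(proto, dport) pairs that appear with a REJECT or DROP disposition."""
    return {(e["proto"], e["dport"]) for e in parse_log(text)
            if e["disposition"] in ("REJECT", "DROP")}

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
```

On this sample the only TCP 3389 entry is the one logged in `net_dnat` with disposition `DNAT`, and every `REJECT` is UDP 123.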