Connecting Remote Assistance between 2 machines both behind NAT
gravety
03-25-2002, 07:07 PM
Hi,
I am basically trying to do the above. I have a machine behind a Linux iptables setup. The other machine is on a different network behind a Netgear router.
He can 'ask for assistance' if I have a direct connection but not if I'm connected through my server.... I have a feeling it may be as simple as telling iptables to forward all connections on the port to my client machine... (though I'm using DHCP)
Any Ideas - is this even possible??
[ 25 March 2002: Message edited by: gravety ]
gravety
04-02-2002, 11:38 AM
Clarification: The Remote Assistance I am referring to is the feature in Windows XP..
I have tried to open port 3389 (which M$ says is the connection port) with:
#Allow Remote Assistance
$IPT -A INPUT -p tcp --source-port 3389 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 3389 -j ACCEPT
To no avail...
Any ideas how I may achieve this? Or how I can successfully log the requests...
FyberOptyx
04-02-2002, 02:49 PM
To log dropped packets add this to the end of your INPUT chain:
iptables -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level INFO --log-prefix "IPT INPUT packets denied: "
Make sure you have the modules loaded at the beginning:
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
jumpedintothefire
04-02-2002, 08:14 PM
Try:
iptables -t nat -A PREROUTING -i <eth0> -p tcp -s 0/0 -d <EXTIP> --dport 3389 -j DNAT --to <otherboxIP>:3389
Replace <bla> with the info for your setup.
have fun...
gravety
04-04-2002, 11:09 AM
Yeah got it working with:
#$IPT -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $INPORT -m state --state NEW,ESTABLIS$
#$IPT -A PREROUTING -t nat -p tcp -d $EXTIP --dport $INPORT -j DNAT --to $PORTFWIP:$INPORT
Which works great!! Trouble is you can tell Messenger which IP to send the request from - so it still fails (as it tells the remote machine to connect to an internal address). I guess the only way to fix this is either to fake the Win client machine's IP, or run MS Messenger on the Linux server?! Somehow!
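A restricted variant of the forwarding and logging rules from the posts above, as an added example that is not part of the original thread: it forwards 3389 only for one known peer address instead of 0/0, and rate-limit-logs then drops every other forwarded attempt on that port. The function names, interface names and addresses are assumptions, and the internal host is assumed to keep a fixed address (for example through a DHCP reservation).

```shell
#!/bin/sh
# Added example: prints (does not apply) the rules, so they can be reviewed first.
# All addresses used below are constructed documentation/private addresses.

is_ipv4() {
    # Dotted quad only, so a value such as 0/0 never ends up in a rule.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# ra_forward_rules EXT_IF INT_IF EXT_IP HOST_IP PEER_IP
#   EXT_IP  = public address of the Linux gateway
#   HOST_IP = internal Windows XP machine (assumed fixed, e.g. DHCP reservation)
#   PEER_IP = the single remote address allowed to reach port 3389
ra_forward_rules() {
    ext_if=$1; int_if=$2; ext_ip=$3; host_ip=$4; peer_ip=$5
    port=3389
    case "$ext_if$int_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    for addr in "$ext_ip" "$host_ip" "$peer_ip"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    # 1: rewrite the destination, 2: allow the forwarded connection in,
    # 3: allow replies out, 4: log other attempts (rate-limited), 5: drop them.
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p tcp -s $peer_ip -d $ext_ip --dport $port -j DNAT --to-destination $host_ip:$port
iptables -A FORWARD -i $ext_if -o $int_if -p tcp -s $peer_ip -d $host_ip --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -p tcp -s $host_ip -d $peer_ip --sport $port -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp --dport $port -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level INFO --log-prefix "IPT 3389 denied: "
iptables -A FORWARD -p tcp --dport $port -j DROP
EOF
}

# Constructed sample values: print the rule set for review.
ra_forward_rules eth0 eth1 203.0.113.10 192.168.0.20 198.51.100.7
```

This only controls who can reach the forwarded port; it does not change the internal address that the Remote Assistance request carries, which is the failure described in the post above.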
jumpedintothefire
04-04-2002, 01:36 PM
---quote---
trouble is you can tell messenger which ip to send the request from - so it still fails (as it tells the remote machine to connect to an internal address)
-----------
OK, you lost me, where does messenger fit into this? 3389 is MS's Remote Display Protocol. What ports does messenger run on?
Think you need to load a helper module, see: http://www.e-infomax.com/ipmasq/
Maybe a VPN would solve things for you??