
IPTables and remote access to the network

So, the network is set up, packets flow, the Internet works, permissions are trimmed; in short, this is the moment when you can catch your breath and turn to the server for the convenience not of the user but of the administrator. And what does a proper system administrator want? Of course: for his duties to eat up as little of his free time as possible. And what serves that best is, naturally, remote access.

Today this surprises nobody: almost everyone has unlimited Internet access, so you can reach your favourite server from anywhere.

And what do you do if behind a single IP address there is a large network with several servers, each of which may need to be accessed?
Naturally, one option is to install something like Radmin on each of them and use one of them as a staging point. But Radmin does not always help: sometimes you need a full, "native" terminal session. What then? All you need is to specify a different port to connect to.
Let me briefly describe the network in question. There is a single external IP. The gateway server, running Linux, is connected to the ADSL modem, and its second interface is connected to the local network. Internet access is shared out to several subnets, each of which has a server that can be reached via RDP.

Let 192.168.100.1 be the address of the gateway server's external interface. eth0 is the "internal" interface, eth1 the "external" one. 192.168.1.1 is the address of the first server, 192.168.2.1 the second, and so on.

I don't think the process of editing IPTABLES rules needs a detailed description, so we will focus on how to grant outside access to several servers.
First, forward ports from the ADSL modem to the gateway server. Decide how many you need; for example, six, so we configure ports 3384 to 3389 for forwarding.

Next, we just need to take the packet the modem passes on and send it to the server we need:

# Rewrite the destination of connections arriving on the external address, choosing the internal server by port
iptables -t nat -A PREROUTING -p tcp -d 192.168.100.1 --dport 3385 -j DNAT --to-destination 192.168.2.1:3389
iptables -t nat -A PREROUTING -p tcp -d 192.168.100.1 --dport 3386 -j DNAT --to-destination 192.168.3.1:3389
iptables -t nat -A PREROUTING -p tcp -d 192.168.100.1 --dport 3389 -j DNAT --to-destination 192.168.1.1:3389

# Allow the rewritten packets to pass from the external interface to the internal one
iptables -A FORWARD -i eth1 -o eth0 -d 192.168.1.1 -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -d 192.168.2.1 -p tcp --dport 3389 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -d 192.168.3.1 -p tcp --dport 3389 -j ACCEPT


What do we get? When an RDP client connects to the modem's external address, the gateway forwards the connection to the required server on the internal network, selecting it by port. If the connection address is given without a port, we end up on server 192.168.1.1, since RDP's default port 3389 maps to it.
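As an added example (not the post's own commands), here is a small POSIX shell generator that keeps the port-to-server map in one place and emits the same kind of rules. It also pins the DNAT rule to the external interface and lets established replies back out, two details the post's rules leave implicit. Addresses and interface names are the post's; nothing else is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: generate the DNAT and FORWARD
# rules for a port-to-server map instead of typing one pair per server.
EXT_ADDR="192.168.100.1"   # gateway's external interface address (from the post)
EXT_IF="eth1"              # external interface (from the post)
INT_IF="eth0"              # internal interface (from the post)

# "external_port internal_host" pairs; RDP listens on 3389 on every internal server.
FORWARD_MAP="3389 192.168.1.1
3385 192.168.2.1
3386 192.168.3.1"

# Print the two iptables commands for one mapping.
# -i $EXT_IF on PREROUTING keeps the DNAT from catching traffic that
# arrives on the internal interface for the gateway's external address.
gen_rules() {
    ext_port="$1"; host="$2"
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j DNAT --to-destination %s:3389\n' \
        "$EXT_IF" "$EXT_ADDR" "$ext_port" "$host"
    printf 'iptables -A FORWARD -i %s -o %s -d %s -p tcp --dport 3389 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n' \
        "$EXT_IF" "$INT_IF" "$host"
}

# Print the full rule set: one return-path rule plus two rules per mapping.
gen_all() {
    # Replies from the internal servers must be allowed back toward the client.
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$INT_IF" "$EXT_IF"
    printf '%s\n' "$FORWARD_MAP" | while read -r port host; do
        [ -n "$port" ] && gen_rules "$port" "$host"
    done
}
```

Review the output with `gen_all`, then apply it with `gen_all | sh` on the gateway.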

The method is not perfect, but it works well enough. And the main thing is that it is simple and takes no effort to implement.
Thank you for your attention. I would be glad if this is useful to someone.

Source: https://habr.com/ru/post/82559/
