Archive for February, 2009
Port Forward With IPTABLES Through Openvpn
It came to my mind to let my VPN server (Linux) do port forwarding for port 3389 to my back-end Windows server for ESX monitoring purposes. I knew we can accomplish this with "iptables", but is this enough when I communicate with my internal server from outside via VPN?
What I want:
- Internet --[vpn]--> linux --[Port Forward | RDP]--> windows
- VPN server (Linux): 10.8.0.1 & 192.168.0.3
- RDP server (Windows): 192.168.0.10
On the Linux VPN server I run these two commands:
- $ iptables -t nat -A PREROUTING -p tcp -i tun0 --dport 3389 -j DNAT --to 192.168.0.10:3389
- $ iptables -A FORWARD -p tcp -m state --state NEW --dport 3389 -i tun0 -j ACCEPT
The above commands should forward any traffic for destination port 3389 to my RDP server (192.168.0.10) via my Linux tun0 (VPN) interface, and when I launched a remote session internally, the above commands worked flawlessly without problem. This is because the remote session actually happened via my Linux 192.168.0.3 IP instead of 10.8.0.1. But when I tried to initiate a remote desktop session from outside, it failed. By the way, iptraf told me that it had successfully forwarded me to my RDP server.
Since I'm not good enough with networking related issues, I sought advice from my Sifu "Steelburned", and thanks to him because he also had this problem before. As per his explanation, without doubt the VPN server successfully forwards me to the RDP server via tun0, but he doubted that the RDP server manages to reply back to the connection via its default gateway (192.168.0.0).
So, it's something to do with my RDP server's routing table. How does my RDP server communicate back and forth between the 10.8.0.0 and 192.168.0.0 subnets? By adding a new gateway to the RDP server as below, I managed to solve the problem.
C:\> route ADD 10.8.0.0 MASK 255.255.255.0 192.168.0.3
ariyossss
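To show why the route on the Windows host is what fixes this, here is an added example (not code from the original post) that models the DNAT rewrite and the RDP server's route lookup with a longest-prefix match. The VPN server and RDP server addresses are the post's own; the VPN client address 10.8.0.6 and the LAN default gateway 192.168.0.1 are constructed assumptions, since the post only names the 192.168.0.0 network.

```python
import ipaddress

# Addresses from the post, plus two constructed values: the OpenVPN client
# address and the Windows host's default gateway (assumed, not in the post).
VPN_SERVER_LAN_IP = "192.168.0.3"
VPN_SERVER_TUN_IP = "10.8.0.1"
RDP_SERVER = "192.168.0.10"
DEFAULT_GW = "192.168.0.1"     # assumption: LAN default gateway
VPN_CLIENT = "10.8.0.6"        # constructed OpenVPN client address

def dnat(packet):
    """Model the PREROUTING rule: tcp/3389 arriving on tun0 has its
    destination rewritten to the RDP server; the source is left untouched."""
    if packet["iface"] == "tun0" and packet["dport"] == 3389:
        return dict(packet, dst=RDP_SERVER)
    return packet

def next_hop(table, dst):
    """Longest-prefix-match lookup over (network, gateway) pairs.
    A gateway of 'on-link' means the destination is directly attached."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw in table:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw)
    return best[1] if best else None

# The Windows host's routing table before the fix: LAN on-link, everything
# else to the default gateway, which knows nothing about 10.8.0.0/24.
WINDOWS_BEFORE = [("192.168.0.0/24", "on-link"), ("0.0.0.0/0", DEFAULT_GW)]
# After `route ADD 10.8.0.0 MASK 255.255.255.0 192.168.0.3`.
WINDOWS_AFTER = WINDOWS_BEFORE + [("10.8.0.0/24", VPN_SERVER_LAN_IP)]

def reply_next_hop(table):
    """Where the RDP server sends its SYN-ACK for a VPN client's session."""
    inbound = {"iface": "tun0", "src": VPN_CLIENT,
               "dst": VPN_SERVER_TUN_IP, "dport": 3389}
    forwarded = dnat(inbound)
    # The reply is addressed to the forwarded packet's unchanged source.
    return next_hop(table, forwarded["src"])

if __name__ == "__main__":
    print("before route add:", reply_next_hop(WINDOWS_BEFORE))  # 192.168.0.1
    print("after route add: ", reply_next_hop(WINDOWS_AFTER))   # 192.168.0.3
```

Before the route is added the reply leaves via the default gateway and never returns through tun0, which matches iptraf showing the forward while the session still fails.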
athlon_crazy 22/02/2009 04:38am
What Is TMNET Admin Doing?
Today, with nothing better to do, I spent some time looking into my Linux servers just to verify that all the services were running as normal. When it came to my Sendmail server, I found out that my email couldn't be sent out, with the error message below:
Feb 18 21:21:06 (none) sm-mta[1598]: n1GGL5Pd029739: to=, delay=1+21:00:01, xdelay=00:00:00, mailer=relay, pri=9752261, relay=smtp-proxy.tm.net.my., dsn=4.0.0, stat=Deferred
Feb 18 21:21:06 (none) sm-mta[1598]: n1GCHRXA032586: to=, delay=2+01:03:38, xdelay=00:00:00, mailer=relay, pri=10741056, relay=smtp-proxy.tm.net.my., dsn=4.0.0, stat=Deferred
I still remember making no modification to my sendmail for the past 3 months, but why did this suddenly happen? After a few tries sending email via Thunderbird, KMail, etc., there was still no success. As we know, our mail server must use the TMnet smarthost and all email must be sent via port 587. Finally I telneted to the TMnet servers one by one and, you know what, all of a sudden TMnet currently only allows your email to be sent via the old port, which is port 25. No notice or announcement was made by TMnet, and they are surely good at that. Bravo TMNET, keep giving us headaches....
by athlon_crazy 18/02/2009 21:47 pm
