# Shorewall Port Forwarding

## cornish

My outside interface is 100.100.100.100

My internal server is 192.168.0.20

I want to connect to the server via RDP from another location on port 33897.

So far I have done this:

Does this look correct?

```
#ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK
#                                               PORT    PORT(S)         DEST            LIMIT           GROUP
# Allow Remote Desktop to SERVER 01
DNAT   net             loc:192.168.0.20 tcp     3389    33897
```

----------

## Bones McCracker

Yes, but such questions might be best directed to the shorewall mailing list.

----------

## zeek

*cornish wrote:*

> ```
> #ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK
> ...
> ```

Source port should be empty ... you want to redirect to internal port 3389.  Something like this:

```
#ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK
#                                               PORT    PORT(S)         DEST            LIMIT           GROUP
# Allow Remote Desktop to SERVER 01
DNAT   net             loc:192.168.0.20:3389    tcp     33897
```

----------

## Bones McCracker

That's right.

Although the term "redirect" might be confusing.  A "redirect" sends a request to a server running on the firewall itself (rewriting only the port and not the destination address, unlike NAT which rewrites the whole address).  This case is a NAT and not a redirect.

----------
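Added example (not part of any post above, and not Shorewall's own code): Python that reads the two DNAT rules from this thread column by column and reports which outside port each one matches and where it forwards. The helper names are hypothetical, and it assumes whitespace-separated columns with `-` standing for an empty column.

```python
# Added example: read Shorewall DNAT rules by column (helper names are hypothetical).
COLUMNS = ["action", "source", "dest", "proto", "dport", "sport", "origdest"]

# The two rules from the thread: the original question and the corrected version.
ORIGINAL_RULE = "DNAT   net   loc:192.168.0.20        tcp   3389   33897"
CORRECTED_RULE = "DNAT   net   loc:192.168.0.20:3389   tcp   33897"


def parse_rule(line):
    """Split one rules-file line into named columns; '-' or a missing column is None."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return {name: (None if value == "-" else value)
            for name, value in zip(COLUMNS, fields)}


def explain_dnat(line):
    """Return (match, target, warnings) for a DNAT rule, or None for any other line."""
    rule = parse_rule(line)
    if rule is None or not rule["dest"]:
        return None
    if (rule["action"] or "").split(":")[0] != "DNAT":  # allow DNAT:loglevel
        return None
    zone, _, rest = rule["dest"].partition(":")
    host, _, new_port = rest.partition(":")
    match = {"from_zone": rule["source"], "proto": rule["proto"],
             "dport": rule["dport"], "sport": rule["sport"]}
    # With no port in DEST, the destination port is forwarded unchanged.
    target = {"zone": zone, "host": host, "port": new_port or rule["dport"]}
    warnings = []
    if rule["sport"]:
        warnings.append(
            "SOURCE PORT(S)=%s only matches clients connecting from that source "
            "port; clients normally use an ephemeral one" % rule["sport"])
    return match, target, warnings


if __name__ == "__main__":
    for label, line in (("original", ORIGINAL_RULE), ("corrected", CORRECTED_RULE)):
        match, target, warnings = explain_dnat(line)
        print("%s: outside dport %s (sport %s) -> %s:%s" % (
            label, match["dport"], match["sport"] or "any",
            target["host"], target["port"]))
        for warning in warnings:
            print("  warning:", warning)
```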

