Code:
-A PREROUTING -p tcp -m tcp -i eth4 --dport 3389 -j DNAT --to-destination 192.168.0.240:3389
As far as I can see, anyone on the Internet can connect to this port. That's a huge security hole. You either need to specify the source IP addresses for legitimate users, or adopt some kind of VPN.
My servers, housed at Linode, only allow traffic from each other and over the VPN that interconnects them with my office. I have a "back door" into the network that I can use when I am traveling. I only ever use SSH to connect to these machines. I don't see any value to shipping entire desktops over the Internet just to manage servers. If I want to use a GUI application on a remote machine, I use "ssh -X" to set up a tunnel.
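An added example, not part of the original post: a check that reads `iptables-save` output and lists DNAT rules like the one quoted above that place no limit on the source address. The sample ruleset is constructed; the 203.0.113.0/24 network, the ipset name `admins` and ports 3390-3392 are assumptions standing in for a real configuration.

```shell
#!/bin/sh
# Added example: report DNAT rules in iptables-save output that any source can reach.

# Constructed sample ruleset. Rule 1 is the rule quoted in the post. Rules 2-4
# are constructed variants; 203.0.113.0/24 (RFC 5737 documentation range) and
# the ipset name "admins" are placeholders for the legitimate users.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -i eth4 --dport 3389 -j DNAT --to-destination 192.168.0.240:3389
-A PREROUTING -s 203.0.113.0/24 -i eth4 -p tcp -m tcp --dport 3390 -j DNAT --to-destination 192.168.0.240:3389
-A PREROUTING ! -s 10.0.0.0/8 -i eth4 -p tcp -m tcp --dport 3391 -j DNAT --to-destination 192.168.0.240:3389
-A PREROUTING -i eth4 -p tcp -m set --match-set admins src -m tcp --dport 3392 -j DNAT --to-destination 192.168.0.240:3389
COMMIT
EOF
}

# Reads iptables-save format on stdin, prints DNAT rules with no source limit.
open_dnat_rules() {
    awk '
    $1 == "-A" {
        dnat = 0; limited = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            # A negated or all-zero source does not narrow who can connect.
            if (($i == "-s" || $i == "--source") &&
                $(i - 1) != "!" && $(i + 1) != "0.0.0.0/0") limited = 1
            # An ipset match on the source address also counts as a limit.
            if ($i == "--match-set" && $(i - 1) != "!" && $(i + 2) ~ /src/) limited = 1
        }
        if (dnat && !limited) print
    }'
}

# On a live firewall: iptables-save -t nat | open_dnat_rules
sample_rules | open_dnat_rules
```

A rule listed here may still be narrowed by a filter-table FORWARD rule, which this check does not read.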