I hope someone out there can help me. I am new to Linux etc., but have managed to get a Fedora Core 7 system up and running with Squid and DansGuardian. I have managed to build what I think is a goodish firewall using iptables and have allowed certain IPs and services (at least I think so).
However, when I try to RDP to a Windows server on my internal LAN from an external IP it won't let me, but if I stop iptables it will allow me, so I am pretty sure it is down to my iptables rules. I would be grateful if someone would look at it and let me know just what I have done wrong or not done at all. I have also tried looking at the file /var/log/firewall to see what is being blocked, but this file is always empty and I don't know where else to look.
Thanx in advance
Dirk
Copy of my iptables rules (iptables-save output):
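# Generated by iptables-save v1.3.7 on Thu Aug 23 10:12:32 2007
# filter table: default-deny for traffic to and from this host (INPUT and
# OUTPUT policy DROP).  FORWARD is ACCEPT with no rules, so traffic routed
# between the LAN and the outside is not filtered here at all -- this table
# only protects the firewall itself.  Whether a port is forwarded to an
# internal host (e.g. RDP to a Windows server) is decided in the nat table,
# not by the INPUT rules below.
*filter
:INPUT DROP [80:13895]
:FORWARD ACCEPT [484:170887]
:OUTPUT DROP [8:608]
:LOG_ACCEPT - [0:0]
:LOG_DROP - [0:0]
:icmp_packets - [0:0]
# --- INPUT: packets addressed to the firewall itself ---
# Replies to connections this host opened.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# FTP (data + control) from anywhere.
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# SSH only from two LAN hosts and one external address, each hit logged.
-A INPUT -s 192.168.0.30 -p tcp -m tcp --dport 22 -j LOG_ACCEPT
-A INPUT -s 192.168.0.191 -p tcp -m tcp --dport 22 -j LOG_ACCEPT
-A INPUT -s 87.???.???.10 -p tcp -m tcp --dport 22 -j LOG_ACCEPT
# SMTP from anywhere, logged.
-A INPUT -p tcp -m tcp --dport 25 -j LOG_ACCEPT
-A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A INPUT -p udp -m udp --dport 37 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# NOTE(review): the next two rules also require the *source* port to be
# 443/563.  Clients connect from ephemeral ports, so as written they accept
# almost nothing.  Drop the --sport match if this host really serves
# HTTPS/NNTPS; delete the rules if it does not (left unchanged here because
# widening them would open new ports on the box).
-A INPUT -p tcp -m tcp --sport 443 --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 563 --dport 563 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
# NOTE(review): 3306 (MySQL) and 8080 are reachable from any source address.
# If only LAN clients need them, restrict with -s as is done for 10000 below.
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
#-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
# RDP to this host only.  Packets for an internal Windows server never reach
# INPUT: they are forwarded, and need a DNAT in the nat table to get there.
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
# Port 10000 restricted to the same three addresses as SSH.
-A INPUT -s 192.168.0.30 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 192.168.0.191 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 87.???.???.10 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p icmp -j icmp_packets
# Squid's port: quietly drop non-local access.  This rule was originally
# placed after the LOG_DROP catch-all below, where it could never be reached;
# ahead of it, probes of 3128 are dropped without a log entry as intended.
-A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3128 -j DROP
# Everything else is logged, then dropped.
-A INPUT -j LOG_DROP
# --- OUTPUT: connections originating from the firewall ---
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 37 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
# HTTPS/NNTPS out.  The saved rules also required --sport 443/563, which a
# new outbound connection (ephemeral source port) never satisfies, so every
# HTTPS request the proxy tried to make fell through to LOG_DROP.  Match on
# the destination port only.
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 563 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A OUTPUT -p icmp -j icmp_packets
-A OUTPUT -j LOG_DROP
# --- logging chains ---
# LOG writes to the kernel log (syslog facility kern, default level warning).
# /var/log/firewall only fills up if syslog is configured to send those
# messages there; otherwise look for the "[IPTABLES DROP]" prefix in
# /var/log/messages or in dmesg.
-A LOG_ACCEPT -j LOG --log-prefix "[IPTABLES ACCEPT] : " --log-tcp-options --log-ip-options
-A LOG_ACCEPT -j ACCEPT
-A LOG_DROP -j LOG --log-prefix "[IPTABLES DROP] : " --log-tcp-options --log-ip-options
-A LOG_DROP -j DROP
# --- icmp_packets: shared by INPUT and OUTPUT ---
# echo-reply (0), destination-unreachable (3) and time-exceeded (11) pass;
# echo-request (8) only from 192.168.0.52, any other echo-request is dropped.
# Types not listed return to the calling chain and hit its LOG_DROP.
# NOTE(review): because OUTPUT also jumps here, the firewall itself cannot
# ping out unless 192.168.0.52 is its own address -- confirm.
-A icmp_packets -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A icmp_packets -s 192.168.0.52 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
COMMIT
# Completed on Thu Aug 23 10:12:32 2007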
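# Generated by iptables-save v1.3.7 on Thu Aug 23 10:12:32 2007
# mangle table: tags packets arriving on eth0 with mark 0x9 (the nat table
# masquerades on that mark) and discards TCP packets carrying flag
# combinations that never occur in a legitimate connection.
*mangle
:PREROUTING ACCEPT [9741:3710201]
:INPUT ACCEPT [9076:3530626]
:FORWARD ACCEPT [484:170887]
:OUTPUT ACCEPT [9803:5873995]
:POSTROUTING ACCEPT [10279:6044274]
# Mark 0x9 = "arrived on eth0".
-A PREROUTING -i eth0 -j MARK --set-mark 0x9
# Invalid flag combinations.  The saved dump listed each of these four rules
# four times over (probably the rule script was run repeatedly without a
# flush); one copy each is sufficient and the match order is unchanged.
# FIN+PSH+URG with neither SYN nor ACK:
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
# no flags set at all:
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# SYN and RST together:
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN and FIN together:
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
COMMIT
# Completed on Thu Aug 23 10:12:32 2007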
# Generated by iptables-save v1.3.7 on Thu Aug 23 10:12:32 2007
# nat table.  eth0 appears to be the LAN side: its port-80 traffic is
# redirected to a listener on this host and its traffic (mark 0x9, set in
# mangle PREROUTING) is masqueraded on the way out.
# NOTE(review): there is no DNAT in this table, so RDP (3389) sent to the
# firewall's public address is never handed to the internal Windows server;
# the filter table's INPUT rule for 3389 only admits RDP to the firewall
# itself.  A port forward would take the form
#   -A PREROUTING -i <external-interface> -p tcp --dport 3389 -j DNAT --to-destination <windows-server-ip>
# (placeholders to fill in), ideally with -s <allowed-client-ip> so the
# forward is not open to every address on the Internet -- FORWARD accepts
# everything unfiltered.  If the Windows host is instead reached by plain
# routing, this table is not involved; confirm which case applies.
*nat
:PREROUTING ACCEPT [322:25511]
:POSTROUTING ACCEPT [193:11619]
:OUTPUT ACCEPT [201:12227]
# Transparent proxying: HTTP from eth0 is redirected to local port 8080.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# Hide marked (eth0-originated) connections behind the outgoing address.
-A POSTROUTING -m mark --mark 0x9 -j MASQUERADE
COMMIT
# Completed on Thu Aug 23 10:12:32 2007