Remote Desktop to WinXP Pro through Debian Linux firewall

Hi y'all, got a toughie for yaz:
I am sitting at home trying to connect to a WinXP machine inside my company network (in another city), but it doesn't work, obviously because the traffic to port 3389 is stopped at our Debian Linux firewall. Anybody know how to configure the firewall to let traffic to 3389 through?
I tried this:
/home/me# iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 3389 -j ACCEPT

Then I restarted the Linux machine and tried to connect, but I still get a "not able to connect".
I know that there is nothing wrong with the Remote Desktop setup because I can connect from another machine inside the company network.

Which logs on Linux should I check to see what is happening?
How do I configure the firewall properly?
NickbudsAsked:

Nickbuds (Author) commented:
Here's some data from my syslog:

Nov 10 18:09:56 localhost kernel: INPUT packet died: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=82.xxx.xx.xxx DST=10.0.0.4 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=46768 DF PROTO=TCP SPT=65466 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0

Nov 10 18:09:59 localhost kernel: INPUT packet died: IN=eth0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=82.xxx.xx.xxx DST=10.0.0.4 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=46769 DF PROTO=TCP SPT=65466 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0
Nickbuds (Author) commented:
I also know that the router between our network and the internet is letting 3389 traffic through because of the above info... there wouldn't be those lines in my Linux log if nothing had gotten through the router to Linux (or am I wrong?).
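The kernel log lines above are netfilter LOG output, and they already answer the question of where the packet died: the prefix names the chain (INPUT, i.e. the firewall's own input path, not FORWARD), and the DPT field names the port. The following POSIX sh script is an added example, not part of the original thread, that pulls such lines out of syslog and summarises the dropped flows per chain; the sample log is constructed and the log prefix is assumed to begin with the chain name, as it does on this page.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise netfilter LOG drops
# from syslog by chain, protocol, source, destination and destination port.
# Assumes the firewall's --log-prefix begins with the chain name, as in the
# page's "INPUT packet died:" lines. The sample log below is constructed.
set -eu

# Constructed sample: two INPUT drops for RDP from one home address and one
# unrelated FORWARD drop, so the summary shows both kinds of entry.
SAMPLE_LOG='Nov 10 18:09:56 localhost kernel: INPUT packet died: IN=eth0 OUT= MAC=xx SRC=82.0.0.1 DST=10.0.0.4 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=46768 DF PROTO=TCP SPT=65466 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 10 18:09:59 localhost kernel: INPUT packet died: IN=eth0 OUT= MAC=xx SRC=82.0.0.1 DST=10.0.0.4 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=46769 DF PROTO=TCP SPT=65466 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 10 18:10:03 localhost kernel: FORWARD packet died: IN=eth0 OUT=eth1 MAC=xx SRC=82.0.0.2 DST=192.168.0.48 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=46770 DF PROTO=TCP SPT=1025 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0'

# Reads syslog text on stdin; prints one line per distinct dropped flow:
#   <count> <chain> <proto> <src> <dst> <dport>
# Field 6 is the first word of the log prefix, i.e. the chain name.
summarize_drops() {
    grep 'packet died' | awk '{
        chain=$6; src=""; dst=""; proto=""; dport=""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dport = kv[2]
        }
        key = chain " " proto " " src " " dst " " dport
        n[key]++
    } END { for (k in n) print n[k], k }' | sort -k1,1nr
}

# How many RDP packets died on INPUT. Drops there mean the packet was delivered
# to the firewall host itself, i.e. no DNAT rewrote it towards the internal
# machine; drops on FORWARD would mean DNAT worked but FORWARD lacks an ACCEPT.
rdp_input_drops() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops | awk '$2 == "INPUT" && $6 == "3389" { print $1 }'
}

# Stand-alone run over the constructed sample (on a real box: summarize_drops < /var/log/syslog).
printf '%s\n' "$SAMPLE_LOG" | summarize_drops
```

Run against a real box with `summarize_drops < /var/log/syslog` (or `/var/log/kern.log`, depending on the syslog configuration). A count on INPUT for port 3389 is the signature of "accepted on the wrong chain": the packet reached the firewall host, but nothing redirected it to the internal machine.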
wjc7662 commented:
Does the firewall have a web interface? Try connecting to your firewall via the web. Typically it will use a non-standard port such as 81 or 441 (for SSL).

Nickbuds (Author) commented:
The router firewall? Why? I can access it through telnet. It is configured properly. The traffic is stopping at the Linux firewall behind the router.
Nickbuds (Author) commented:
Maybe the problem is that I am not forwarding the port traffic, I am just accepting it... that seriously is probably the problem... now I just need to know what the proper syntax is for Debian iptables forwarding.
Nickbuds (Author) commented:
The Linux box has 2 interfaces:
10.0.0.4 (facing the router to the internet)
192.168.0.29 (facing inwards to the intranet)
I now have these lines in my /etc/network/if-up.d/firewall.sh file:
# Prerouting chain
$IPT -t nat -A PREROUTING -i $INET_FACE --protocol tcp --sport 1: --dport 3389 -j DNAT --to 192.168.0.48:3389

but when I run the firewall script I get the following error:
Loading kernel modules ...
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.log_martians = 1
Flushing Tables ...
Create and populate custom rule chains ...
Process INPUT chain ...
Process FORWARD chain ...
Process OUTPUT chain ...
Load rules for nat table ...
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
Load rules for mangle table ...

The 'tcp' it is referring to is in the line above, my prerouting chain. As far as I can see the syntax is correct.
Nickbuds (Author) commented:
Administrators: should this be reposted in the Linux area? No networking experts seem to be helping/know what to do...
wjc7662 commented:
Yes, the problem does seem to be port forwarding. I made the comment about the web interface because, if it is available, it may be easier for you to find the required configuration options such as port forwarding.
Nickbuds (Author) commented:
I found out how to do it myself (this is in Norwegian):
http://www.websynergy.no/diskusjonsforum/topic.asp?TOPIC_ID=503&SearchTerms=port,forwarding

The problem was that I was operating with the wrong firewall; the one that gets loaded when /etc/init.d/networking starts up is /etc/openvpn/firewall.sh.

Put this in the forward chain:
# rdesktop
$IPT -A FORWARD -p tcp -i $INET_IFACE --destination-port 3389 -j ACCEPT

and this in the prerouting chain:
# rdesktop
$IPT -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to IP-of-machine-running-remote-desktop-server

After this I stopped and restarted the firewall:
sh /etc/openvpn/firewall.sh stop
sh /etc/openvpn/firewall.sh start

BOOYEAH!
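The two rules that made it work belong together: the nat/PREROUTING DNAT rewrites the destination of an inbound 3389 packet to the internal machine, and the filter/FORWARD ACCEPT lets the rewritten packet cross from the external interface to the internal one (with net.ipv4.ip_forward=1, which the script output earlier already shows). The script below is an added example written for this thread, not code from the original post or from the Norwegian forum it links; the interface names, the internal host address and the allowed source range are assumptions. It runs with `set -u`, which is worth pointing out because the earlier "Bad argument `tcp'" output is consistent with `$INET_FACE` being undefined (the working rule uses `$INET_IFACE`): an empty variable makes `-i` take `--protocol` as its interface name, leaving a bare `tcp` that iptables rejects. That reading is an inference from the posted output, not something the thread states; `set -u` turns such a typo into an immediate error instead of a confusing one.

```shell
#!/bin/sh
# Added example (not from the original thread): complete rule set to forward
# inbound Remote Desktop (TCP/3389) through a two-interface Linux NAT firewall
# to one internal host. Interface names, addresses and the allowed source
# range are assumptions for illustration.
set -eu   # -u: an unset variable (a typo such as $INET_FACE for $INET_IFACE)
          # aborts the script instead of silently shifting iptables' arguments.

IPT="${IPT:-iptables}"
INET_IFACE="${INET_IFACE:-eth0}"          # interface facing the router / Internet
LAN_IFACE="${LAN_IFACE:-eth1}"            # interface facing the intranet
RDP_HOST="${RDP_HOST:-192.168.0.48}"      # internal Remote Desktop machine (assumed)
RDP_PORT="${RDP_PORT:-3389}"
ALLOWED_SRC="${ALLOWED_SRC:-0.0.0.0/0}"   # narrow to the home address/range when it is static

# Prints the iptables commands, one per line, without executing them.
rdp_forward_rules() {
    # 1. nat/PREROUTING: rewrite the destination of inbound 3389 on the external
    #    interface to the internal host. Without this the packet is delivered to
    #    the firewall itself and dies on INPUT, as in the syslog lines earlier.
    echo "$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -s $ALLOWED_SRC --dport $RDP_PORT -j DNAT --to-destination $RDP_HOST:$RDP_PORT"
    # 2. filter/FORWARD: allow the rewritten packet across, external -> internal.
    echo "$IPT -A FORWARD -i $INET_IFACE -o $LAN_IFACE -p tcp -d $RDP_HOST --dport $RDP_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    # 3. filter/FORWARD: allow the replies back out, internal -> external.
    echo "$IPT -A FORWARD -i $LAN_IFACE -o $INET_IFACE -p tcp -s $RDP_HOST --sport $RDP_PORT -m state --state ESTABLISHED -j ACCEPT"
    # 4. Log whatever 3389 traffic is still not accepted on FORWARD, so a failed
    #    connection shows up in syslog with the chain name in the prefix.
    echo "$IPT -A FORWARD -i $INET_IFACE -p tcp --dport $RDP_PORT -j LOG --log-prefix \"FORWARD rdp dropped: \""
}

# Full command list including the routing sysctl the kernel needs.
apply_rdp_forward_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    rdp_forward_rules
}

# Dry run by default; APPLY=1 executes the commands (requires root).
if [ "${APPLY:-0}" = "1" ]; then
    apply_rdp_forward_rules | sh
else
    apply_rdp_forward_rules
fi
```

Run without arguments it only prints the commands, which is a convenient way to review the rule set before `APPLY=1 sh forward-rdp.sh` loads it. Two design points: the FORWARD rules are bound to both interfaces and to the internal host, so the DNAT cannot be used to reach anything else behind the firewall, and `ALLOWED_SRC` is there so that a Remote Desktop service exposed through the firewall is reachable only from the address range that actually needs it (the thread's own firewall lives under /etc/openvpn, and carrying RDP over that VPN instead of exposing 3389 removes the need for the DNAT altogether).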
wjc7662 commented:
I think Nickbuds' request to receive his expert points for himself is valid. I feel the points should go toward whoever answers the question regardless of their specific status, that is, assuming it's a legitimate question. Safeguards should be in place to prevent someone from posting and answering their own question just to receive points, though.
CetusMOD commented:
Closed, 500 points refunded.
CetusMOD
Community Support Moderator
