If you use Squid as a transparent proxy and have no need for IPSec, you can use iptables to do DNAT.
Suppose the win2k server has the address 10.10.10.10 and uses the standard RDP port; this rule should pass the RDP traffic:
iptables -t nat -A PREROUTING -p tcp --dport 3389 -j DNAT --to 10.10.10.10:3389
If you want extra security you can also specify which interfaces/clients/networks are allowed to connect.
Examples:
Only allow eth0:
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3389 -j DNAT --to 10.10.10.10:3389
Only allow IP 10.10.100.100:
iptables -t nat -A PREROUTING -p tcp -s 10.10.100.100 --dport 3389 -j DNAT --to 10.10.10.10:3389
Similarly, only allow connections from a specific network:
iptables -t nat -A PREROUTING -p tcp -s 10.0.0.0/8 --dport 3389 -j DNAT --to 10.10.10.10:3389
In the unlikely case your win2k server does not have a static IP, you need to add this rule also:
iptables -t nat -A POSTROUTING -p tcp --dport 3389 -j MASQUERADE
Read up here for a very understandable explanation of NAT and DNAT.
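An added example, not part of the answer above: a check that reads nat-table rules in iptables-save format and reports PREROUTING DNAT rules for a port that carry neither a source (-s) nor an input-interface (-i) restriction, like the first rule in the answer. The function name find_open_dnat and the sample ruleset are constructed for illustration, and the check assumes a literal --dport PORT match (no port ranges or multiport).

```shell
#!/bin/sh
# Added example: audit port-forwarding rules for missing restrictions.

# find_open_dnat PORT  (hypothetical helper name)
# Reads iptables-save output on stdin and prints every PREROUTING DNAT rule
# for --dport PORT that has neither a -s nor a -i match.
find_open_dnat() {
    port="$1"
    while IFS= read -r line; do
        # Only rules appended to the PREROUTING chain are of interest.
        case "$line" in
            "-A PREROUTING "*) ;;
            *) continue ;;
        esac
        # Pad with spaces so options can be matched as whole words.
        padded=" $line "
        case "$padded" in
            *" -j DNAT "*) ;;
            *) continue ;;
        esac
        case "$padded" in
            *" --dport $port "*) ;;
            *) continue ;;
        esac
        # A source or input-interface match means the rule is restricted.
        case "$padded" in
            *" -s "*|*" -i "*) continue ;;
        esac
        printf '%s\n' "$line"
    done
}

# Constructed sample, shaped like the output of: iptables-save -t nat
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.10.10.10:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.10.10.10:3389
-A PREROUTING -s 10.10.100.100/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.10.10.10:3389
-A PREROUTING -s 10.0.0.0/8 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.10.10.10:3389
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT'

# Report on the sample; only the unrestricted RDP rule is printed.
printf '%s\n' "$SAMPLE_RULES" | find_open_dnat 3389
```

On a live gateway the same function can be fed from `iptables-save -t nat | find_open_dnat 3389`, run as root.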
"Questions seeking product, service, or learning material recommendations are off-topic because they become outdated quickly and attract opinion-based answers. Instead, describe your situation and the specific problem you're trying to solve. Share your research." – Ƭᴇcʜιᴇ007 – 2014-02-06T20:29:47.707