Q: ipchains/ipmasqadm and VNC

Jonathan Morton chromatix "at" penguinpowered.com
Thu, 09 Nov 2000 16:59:43 +0000


># accept any packets from ports above 5900 from anywhere to port 5900 on the firewall's external interface
>ipchains -A input -s 0.0.0.0/0 5900: -d $LocalHost 5900 -p tcp -i $ExternalInterface -j ACCEPT --log
>ipchains -A output -s $LocalHost 5900: -d 0.0.0.0/0 5900: -p tcp -i $ExternalInterface -j ACCEPT --log
>ipmasqadm portfw -a -P tcp -L $LocalHost 5900 -R $LocalVNCHost 5900

VNC connections can be made from *any* port (above 1024); only the
destination port is fixed.  Try the following:

ipchains -A input -s 0.0.0.0/0 1024: -d $LocalHost 5900 -p tcp -i $ExternalInterface -j ACCEPT --log
ipchains -A output -s $LocalHost 5900: -d 0.0.0.0/0 1024: -p tcp -i $ExternalInterface -j ACCEPT --log
ipmasqadm portfw -a -P tcp -L $LocalHost 5900 -R $LocalVNCHost 5900

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi "at" cyberspace.org  (not for attachments)
big-mail: chromatix "at" penguinpowered.com
uni-mail: j.d.morton "at" lancaster.ac.uk

The key to knowledge is not to rely on people to teach you it.

Get VNC Server for Macintosh from http://www.chromatix.uklinux.net/vnc/

-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a19 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r- y+
-----END GEEK CODE BLOCK-----
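
Added example (not part of the original message): a small Python model of ipchains port-range matching, showing which viewer source ports the quoted rules and the suggested rules let through in both directions. It assumes non-matching packets are dropped by the chain policy and ignores addresses and interfaces; the function names and sample client ports are constructed.

```python
# Added example: a minimal model of ipchains port-range matching.
# Assumptions: non-matching packets are dropped by chain policy; addresses
# and interfaces are ignored. Sample client ports are constructed.

def parse_ports(spec):
    """Parse an ipchains port spec ('N', 'N:', ':M', 'N:M') into (low, high)."""
    if ":" not in spec:
        return int(spec), int(spec)
    low, high = spec.split(":", 1)
    return (int(low) if low else 0, int(high) if high else 65535)

def matches(rule, sport, dport):
    """True if the packet's source and destination ports fit the rule."""
    s_lo, s_hi = parse_ports(rule["sport"])
    d_lo, d_hi = parse_ports(rule["dport"])
    return s_lo <= sport <= s_hi and d_lo <= dport <= d_hi

# Port fields copied from the quoted rules and from the suggested rules.
QUOTED = {"input": {"sport": "5900:", "dport": "5900"},
          "output": {"sport": "5900:", "dport": "5900:"}}
SUGGESTED = {"input": {"sport": "1024:", "dport": "5900"},
             "output": {"sport": "5900:", "dport": "1024:"}}

def session_allowed(ruleset, client_port, vnc_port=5900):
    """A session needs the inbound packet and the outbound reply to match."""
    inbound = matches(ruleset["input"], client_port, vnc_port)
    outbound = matches(ruleset["output"], vnc_port, client_port)
    return inbound and outbound

def allowed_clients(ruleset, client_ports):
    """Return the client source ports whose sessions the ruleset permits."""
    return [p for p in client_ports if session_allowed(ruleset, p)]

# Constructed viewer source ports, as an OS might pick them.
SAMPLE_CLIENT_PORTS = [1025, 3371, 5899, 5900, 32768, 61000]

if __name__ == "__main__":
    for name, ruleset in (("quoted", QUOTED), ("suggested", SUGGESTED)):
        print(name, allowed_clients(ruleset, SAMPLE_CLIENT_PORTS))
```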