Q: ipchains/ipmasqadm and VNC

Jonathan Morton chromatix "at" penguinpowered.com
Thu, 09 Nov 2000 16:59:43 +0000

># accept any packets from ports above 5900 from anywhere to port 5900 on the firewall's external interface
>ipchains -A input -s 5900: -d $LocalHost 5900 -p tcp -i $ExternalInterface -j ACCEPT --log
>ipchains -A output -s $LocalHost 5900: -d 5900: -p tcp -i $ExternalInterface -j ACCEPT --log
>ipmasqadm portfw -a -P tcp -L $LocalHost 5900 -R $LocalVNCHost 5900

VNC connections can be made from *any* port (above 1024); only the
destination port is fixed.  Try the following:

# ipchains wants an address before the port spec, so "any host, any
# unprivileged source port" is written as 0.0.0.0/0 1024:
ipchains -A input -s 0.0.0.0/0 1024: -d $LocalHost 5900 -p tcp \
    -i $ExternalInterface -j ACCEPT --log
ipchains -A output -s $LocalHost 5900: -d 0.0.0.0/0 1024: -p tcp \
    -i $ExternalInterface -j ACCEPT --log
ipmasqadm portfw -a -P tcp -L $LocalHost 5900 -R $LocalVNCHost 5900
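The point above, as an added example that is not part of the original post: a small POSIX sh wrapper that applies the corrected rules and previews them first. The addresses, the interface name and the IPCHAINS/IPMASQADM overrides are assumptions made for this example (by default the commands are echoed rather than run, so it can be tried on a machine without ipchains); src_port_allowed shows why a source-port match of 5900: turns away a client that happens to pick an ephemeral port below 5900.

```shell
#!/bin/sh
# Added example, not from the list post. Assumed settings; replace with your
# own. IPCHAINS/IPMASQADM default to "echo ..." so the rules are printed
# instead of applied; set IPCHAINS=ipchains IPMASQADM=ipmasqadm to go live.
LocalHost="${LocalHost:-192.0.2.1}"           # firewall external address (constructed)
LocalVNCHost="${LocalVNCHost:-192.168.1.10}"  # internal VNC server (constructed)
ExternalInterface="${ExternalInterface:-eth0}"
IPCHAINS="${IPCHAINS:-echo ipchains}"
IPMASQADM="${IPMASQADM:-echo ipmasqadm}"

# Does a client source port satisfy a rule written as "LOW:" (LOW and above)?
# Returns 0 (true) when PORT >= LOW, 1 otherwise.
src_port_allowed() {
    low=$1
    port=$2
    [ "$port" -ge "$low" ]
}

# Emit the three rules. VNC clients connect from an arbitrary unprivileged
# source port, so the source-port match is 1024:, not 5900:; only the
# destination port (5900, display :0) is fixed. -l logs matching packets.
apply_vnc_rules() {
    $IPCHAINS -A input -s 0.0.0.0/0 1024: -d "$LocalHost" 5900 -p tcp \
        -i "$ExternalInterface" -j ACCEPT -l
    $IPCHAINS -A output -s "$LocalHost" 5900: -d 0.0.0.0/0 1024: -p tcp \
        -i "$ExternalInterface" -j ACCEPT -l
    $IPMASQADM portfw -a -P tcp -L "$LocalHost" 5900 -R "$LocalVNCHost" 5900
}

# Preview: a client on ephemeral port 1500 is refused by a 5900: rule but
# accepted by the 1024: rule.
src_port_allowed 5900 1500 && echo "5900: rule admits port 1500" || echo "5900: rule rejects port 1500"
src_port_allowed 1024 1500 && echo "1024: rule admits port 1500" || echo "1024: rule rejects port 1500"
apply_vnc_rules
```

Run it once as-is to see the exact rules that would be added, then re-run with the IPCHAINS and IPMASQADM overrides set to the real binaries.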

