VNC and ipmasqadm forwarding

Trent Gemmill trentgem "at" nycap.rr.com
Fri, 10 Nov 2000 02:59:03 +0000


I have been having great trouble getting VNC to work across my firewall.

When I connect internally it works fine, either directly or with the
java applet on netscape. On a remote system I get the java applet by
http(netscape) but on entering a password I get 'No route to host'. The
VNC logs show only the applet transmission (via port 5805) and no
connect in this case. Direct connections with the windows program yield
only a time out, with no VNC log entries. Lynx or telnet to the 5905
(connect) port displays the expected message similar to "BR 003.003"
(not exact) and the VNC logs show this connect and register it as an
inappropriate connection.  The host always appears as mojo (the local
machine name for 192.168.1.3) guest's x desktop (mojo:5) on the [local
net] vnc screen or in the view source of the [remote] applet. Below is a
portion of my firewall script:

/sbin/ipchains -A forward -j MASQ -i $EXTIF -s $INTLAN -d $UNIVERSE
/sbin/ipchains -A forward -p tcp --dport 5800:5805 -j ACCEPT
/sbin/ipchains -A forward -p udp --dport 5800:5805 -j ACCEPT
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 5805 -R 192.168.1.3 5805
/usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP 5805 -R 192.168.1.3 5805
#
/usr/sbin/ipmasqadm portfw -a -P tcp -L $EXTIP 5905 -R 192.168.1.3 5905
/usr/sbin/ipmasqadm portfw -a -P udp -L $EXTIP 5905 -R 192.168.1.3 5905

I cannot, for several reasons, use the http tunnel that has been
described, and I have tried reading and searching the mailing lists and
online documentation with only a few suggestions, none of which worked
for me. I have had VNC working in the past on my firewalling machine,
but it's a 25 MHz 486. I would rather not add a special VNC intermediate
program on this machine.

I'm running Red Hat 6.1 on the 300 MHz [VNC] machine (and also on the
firewall machine). I've downloaded the latest versions of ipmasqadm, and
VNC. I have adjusted nothing in VNC and am using the defaults.

Could there be something I'm overlooking? Is there now some other port
or protocol that I need to allow to be redirected past the firewall?
Could VNC somehow be confused by looking up mojo instead of an external
IP?

Any help would be greatly appreciated!
Trent