vnc past past firewall and ip-masqing.

Scott C. Best sbest "at"
Mon, 11 Jun 2001 07:17:54 +0000

	Heya. Fortunately, getting VNC running on your workstation
is the difficult part. :)
	I wrote the echowall.lrp package for the LRP Linux distro,
a firewall configuration script. Here are the commands you need to
add to your firewall setup to get VNC to work:

ipchains -A input -s -d $IP_EXT/32 5900 -p tcp -y -l -j ACCEPT
ipchains -A input -s -d $IP_EXT/32 5900 -p tcp -j ACCEPT
ipmasadm portfw -a -P tcp -L $IP_EXT 5900 -R $VNC_HOST 5900

	In the above, $IP_EXT is the IP-address you describe
as "C", and $VNC_HOST is what you call "B". The first command
just logs all initial connections (so you have some sense of
how popular you've become...).
	Once you've got this running, you can point any VNC
viewer to your external IP, and the Linux box will "port forward" 
it to the PC you've indicated above. If you want to use the web
browser based viewer, add the same 3 commands using 5800 instead 
of 5900.
	Lastly, for more info on LRP, see
It's a floppy-based Linux distro, nothing more than a 486 with
16MB RAM required, not even a HD. Cool.
	Hope this helps!


> I would like to be able to vnc into my workstation with ip 'B'.  The
> problem is that my cable modem is connected to my other, old linux box,
> which is set up as a firewall and ip-masq (running 2.2.18),
> with internal ip 'A', and external ip of 'C'.  My workstation then uses
> the old box as a gateway.
> So how would vnc into my workstation via a computer at work, school,
> etc?  Is this even possible???  I have used vnc quite a bit before, but
> ip-masqing and firewall were set up for me by 'pmfirewall'.   So I
> really don't know where to start, other than to have the vncserver
> running on my workstation.
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at"
See also: