vnc past firewall and ip-masqing.

Wed, 13 Jun 2001 07:21:46 +0000

"Scott C. Best" wrote:

> Shea:
>         Heya. Fortunately, getting VNC running on your workstation
> is the difficult part. :)
>         I wrote the echowall.lrp package for the LRP Linux distro,
> a firewall configuration script. Here are the commands you need to
> add to your firewall setup to get VNC to work:
> ipchains -A input -s -d $IP_EXT/32 5900 -p tcp -y -l -j ACCEPT
> ipchains -A input -s -d $IP_EXT/32 5900 -p tcp -j ACCEPT
> ipmasqadm portfw -a -P tcp -L $IP_EXT 5900 -R $VNC_HOST 5900
>         In the above, $IP_EXT is the IP-address you describe
> as "C", and $VNC_HOST is what you call "B". The first command
> just logs all initial connections (so you have some sense of
> how popular you've become...).
>         Once you've got this running, you can point any VNC
> viewer to your external IP, and the Linux box will "port forward"
> it to the PC you've indicated above. If you want to use the web
> browser based viewer, add the same 3 commands using 5800 instead
> of 5900.
>         Lastly, for more info on LRP, see
> It's a floppy-based Linux distro, nothing more than a 486 with
> 16MB RAM required, not even a HD. Cool.
>         Hope this helps!
> -Scott
> > I would like to be able to vnc into my workstation with ip 'B'.  The
> > problem is that my cable modem is connected to my other, old linux box,
> > which is set up as a firewall and ip-masq (running 2.2.18),
> >
> > with internal ip 'A', and external ip of 'C'.  My workstation then uses
> > the old box as a gateway.
> >
> > So how would I vnc into my workstation via a computer at work, school,
> > etc?  Is this even possible???  I have used vnc quite a bit before, but
> > ip-masqing and firewall were set up for me by 'pmfirewall'.   So I
> > really don't know where to start, other than to have the vncserver
> > running on my workstation.

I have vnc running successfully.  I start the vncserver on box B, and then can log in w/ xvncviewer on B as well.  I logged into my Firewall/Masq box and entered the last two commands.  I tried to vnc to my ip C, today at work, but I did not even get a password prompt.

Would it have made a difference if I had entered all 3 of the commands? I will try this tomorrow, hopefully it will work then.

I am assuming by running the 3 commands you specified, that I am opening up port 5900 on my firewall.  If I decide that I won't be using vnc for a while, how do I close the port up again?

Thanks for your time, I really appreciate the response.

~Shea M.

ps - I am guessing that my situation is a very common one.  I was surprised not to find it in the FAQ.
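
The open and close sides of the port forward discussed in this thread, as an added example that is not part of either message: a dry-run helper that prints the three rules with `-A`/`-a` to open the port and the matching `-D`/`-d` forms to close it again. The function name `vnc_rules`, its `SRC` parameter (the source address the thread's rules do not show) and the sample addresses in the comment are assumptions.

```shell
#!/bin/sh
# Added example: print the ipchains/ipmasqadm commands that open or close
# one forwarded VNC port on a 2.2-kernel masquerading firewall.
# Dry run only: nothing is executed; review the output, then run it as root.

vnc_rules() {
    action=$1     # open | close
    src=$2        # permitted client address/mask (assumed parameter)
    ip_ext=$3     # firewall's external address ("C" in the thread)
    vnc_host=$4   # internal workstation ("B" in the thread)
    port=${5:-5900}   # 5900 for the viewer, 5800 for the browser applet

    case $action in
        open)  chain_op=-A; fw_op=-a ;;
        close) chain_op=-D; fw_op=-d ;;
        *) echo "usage: vnc_rules open|close SRC IP_EXT VNC_HOST [PORT]" >&2
           return 2 ;;
    esac

    # Refuse anything that is not a plain port number.
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac

    # ipchains -D removes a rule only when given the same specification
    # that -A used, so both directions are built from one template.
    echo "ipchains $chain_op input -s $src -d $ip_ext/32 $port -p tcp -y -l -j ACCEPT"
    echo "ipchains $chain_op input -s $src -d $ip_ext/32 $port -p tcp -j ACCEPT"
    echo "ipmasqadm portfw $fw_op -P tcp -L $ip_ext $port -R $vnc_host $port"
}

# Constructed sample call (documentation addresses, not from the thread):
#   vnc_rules close 198.51.100.7/32 203.0.113.5 192.168.1.20
```

Passing a single client address as `SRC` limits who can reach the forwarded port while it is open; `ipchains -L input -n` and `ipmasqadm portfw -l` list what is currently in place.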
