port forwarding through a firewall problems
Scott C. Best
sbest "at" best.com
Mon Jul 29 18:21:01 2002
Heya. Two quick suggestions for you:
1. When you're trying to connect to your win98 machine from the
outside world, are you using the 192.168.0.16 address or
the masqueraded address? Of course, you should be using the
2. If you are using the masqueraded address, then it's likely the
firewall is not quite set up right. I suspect Mandrake 8.2
uses netfilter, not ipchains which I am more familiar with.
With ipchains (2.2 kernels), you need to specify two rules
for every port-forward: one which opens the port in the
input chain (i.e., it ACCEPTs incoming TCP connections on ports
5900 and 5800), and one which forwards those connections to
an internal machine.
Anyhow... as always, try "telnet ext.masq'd.ip.address 5900"
from the outside world and see if you get the RFB response.
If you don't...check the firewall logs on the Mandrake, and
see which rule is blocking the connection.
> Hello all,
> I have a small LAN at work that is masqueraded onto our internet connection by
> a computer running Mandrake Linux 8.2 with gShield and Bastille acting as
> firewalls. All the other computers on the LAN are running Windows 98/98SE.
> I have VNC running on my computer (win98) at the office and the firewall is
> set up to port forward both 5800 and 5900 ports to 192.168.0.16:5800 or 5900
> respectively for both TCP and UDP traffic. So as far as I can tell the
> firewall is configured correctly.
> When I try to connect from another computer on the LAN everything works
> When I try to connect to the server from home though all I get is "Failed to
> connect" messages.
> Is there something else that I need to do to get this to work correctly?
> Thanks in advance,
> Ian K. Harrell
> Fireman71 "at" usa.net
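
The telnet check suggested in the reply above, as an added Python example that is not part of the original thread: it connects to the forwarded port, reads the 12-byte RFB ProtocolVersion greeting a VNC server sends first, and tells a working forward apart from a rejected, dropped, or non-VNC connection. The function names and result labels are assumptions made for this example.

```python
import re
import socket

# An RFB (VNC) server speaks first: a 12-byte ProtocolVersion, e.g. b"RFB 003.003\n".
RFB_BANNER = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def parse_rfb_banner(data):
    """Return (major, minor) if data is an RFB ProtocolVersion message, else None."""
    m = RFB_BANNER.fullmatch(data)
    return (int(m.group(1)), int(m.group(2))) if m else None


def check_vnc_forward(host, port=5900, timeout=5.0):
    """Classify what answers on host:port (names and labels are hypothetical).

    "rfb"       - a VNC server answered; the port forward works end to end
    "refused"   - the connection was actively rejected (closed port or rejecting rule)
    "timeout"   - no reply at all: packets are being dropped; check firewall logs
    "no-banner" - something accepted the connection but did not greet as RFB
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", None)
    except socket.timeout:
        return ("timeout", None)
    except OSError as exc:
        return ("error", str(exc))
    data = b""
    with sock:
        try:
            while len(data) < 12:
                chunk = sock.recv(12 - len(data))
                if not chunk:  # peer closed before sending a full greeting
                    break
                data += chunk
        except OSError:  # includes a read timeout or a reset mid-greeting
            pass
    version = parse_rfb_banner(data)
    return ("rfb", version) if version else ("no-banner", data)


if __name__ == "__main__":
    # Constructed sample greetings, parsed offline.
    for sample in (b"RFB 003.003\n", b"SSH-2.0-demo\n"):
        print(sample, "->", parse_rfb_banner(sample))
```

Run it from outside the LAN against the masqueraded address; a "timeout" or "refused" result is the cue to read the firewall logs on the Mandrake box, as the reply suggests.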