Redirecting vnc port on RH80
Jordan Share
nospam-vnc@jwiz.org
Tue Feb 4 17:17:05 2003
At 02:01 AM 2/4/2003, Dietmar.Friesch wrote:
>"Hello world"
>Anyone out there who can kick me into touch why this is not working
>
>World (real viewer IPRH80:5901 ->
> RH80 (iptables)
> -> w2k-vnc (real 336 server on
>5900
>
>Setting in RH80
>iptables -A INPUT -p tcp -m tcp --dport 5901 --syn -j ACCEPT
> This works I can telnet the vncserver on RH80 5901 and establish
> a viewer connection to RH80, I can -j DROP/REJECT
>
> From RH80 I can telnet and vncview w2k-vnc on 5900
>
>now setting
>iptables -t nat -A PREROUTING -p tcp -d RH80-IP --dport 5901 -j DNAT
>--to-destination w2k-IP:5900
>
>leaves me stuck with both vncviewer and telnet telling me that they
>cannot connect to server

You also have to allow it in the FORWARD chain.

INPUT = packets coming into the Linux box
FORWARD = packets going through the Linux box
OUTPUT = packets coming from the Linux box

The reason the first one works is that you are accepting it in the INPUT
chain, which goes to the Linux box. For packet forwarding to work, you need
to use the FORWARD chain.

Perhaps something like:

iptables -t filter -A FORWARD -p tcp -d w2k-IP --jump ACCEPT

Jordan
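
The missing FORWARD rule described in this thread can be checked for mechanically. The shell function below is an added example, not part of the original messages: it reads `iptables-save` output and flags DNAT targets that no FORWARD rule accepts. The addresses, the FORWARD policy of DROP and the name check_dnat_forward are assumptions, and the check is a heuristic that ignores user-defined chains, address ranges and negated matches.

```shell
# Constructed sample of `iptables-save` output (placeholder addresses): the
# thread's DNAT and INPUT rules, with a FORWARD policy of DROP (assumed).
SAMPLE_RULES='*nat
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 10.0.0.20:5900
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 5901 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
COMMIT'
# Reads iptables-save output on stdin; prints OK or BLOCKED per DNAT target
# and returns 1 if any target has no FORWARD rule accepting new connections.
check_dnat_forward() {
    awk '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "nat" && /-j DNAT/ {
        to = ""; dp = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") dp = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
        }
        if (to != "") dnat[++n] = (to ~ /:/) ? to : to ":" dp  # no port given: kept
    }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        d = ""; p = ""; st = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { d = $(i + 1); sub(/\/32$/, "", d) }
            if ($i == "--dport") p = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") st = $(i + 1)
        }
        if (st == "" || st ~ /NEW/) fwd[++m] = d ":" p  # skip reply-only rules
    }
    END {
        for (k = 1; k <= n; k++) {
            split(dnat[k], t, ":"); ok = (policy == "ACCEPT")
            for (j = 1; j <= m && !ok; j++) {
                split(fwd[j], f, ":")
                ok = (f[1] == "" || f[1] == t[1]) && (f[2] == "" || f[2] == t[2])
            }
            printf "%s %s\n", (ok ? "OK" : "BLOCKED"), dnat[k]; bad += !ok
        }
        exit (bad > 0)
    }'
}
printf '%s\n' "$SAMPLE_RULES" | check_dnat_forward || true
```

On a live gateway, run `iptables-save | check_dnat_forward` as root. An OK result covers only the forward direction: replies from the VNC server must also be allowed back through FORWARD and must route via the gateway.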