Firewall setup mistake may help others
joel.lieberman "at" verizon.net
Fri Mar 26 14:47:01 2004
I recently made a rather silly mistake while setting up firewall/NAT rules for a VNC Server, and after reflection, I thought that documenting it might be of some help to

I created a rule to NAT tcp requests to port 5900 for a VNC Server host. Then I mistakenly set (and limited) the incoming port (range) to 5900 also.

Point to remember:

While you should specify the exact port(s) that will be forwarded "to", you need to leave the "incoming" port range open - unless you have a specific reason to limit incoming requests to only those from a known

The incoming port range is different than setting rules to limit incoming

I hope my mistake may help others who are setting up their firewall/NAT

Special thanks to Scott Best who prodded my thinking in the right direction!

Joel Lieberman, Ph.D.
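
An added illustration, not part of the original message: a minimal Python model of a port-forward rule, run over constructed connection attempts, showing why pinning the "incoming" (source) port range to 5900 drops VNC clients, which connect from ephemeral source ports. The rule fields, addresses and function names are assumptions made for this example and do not correspond to any particular firewall product.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class ForwardRule:
    # Hypothetical rule model; real firewalls name these fields differently.
    src_ports: Tuple[int, int]   # "incoming" (client-side) source port range
    dst_port: int                # public port the rule listens on
    to_host: str                 # internal host the request is forwarded to
    to_port: int                 # internal port the request is forwarded to

    def apply(self, pkt: Packet) -> Optional[Tuple[str, int]]:
        """Return (host, port) the packet is forwarded to, or None if dropped."""
        lo, hi = self.src_ports
        if pkt.dst_port != self.dst_port:
            return None
        if not lo <= pkt.src_port <= hi:
            return None
        return (self.to_host, self.to_port)

VNC_HOST = "192.168.1.10"  # constructed internal address

# The mistake described above: source port range also pinned to 5900.
MISTAKEN = ForwardRule(src_ports=(5900, 5900), dst_port=5900, to_host=VNC_HOST, to_port=5900)
# Corrected: exact forwarded-to port, source port range left open.
CORRECTED = ForwardRule(src_ports=(1, 65535), dst_port=5900, to_host=VNC_HOST, to_port=5900)

# Constructed connection attempts: clients pick ephemeral source ports.
ATTEMPTS = [
    Packet("203.0.113.7", 49152, 5900),
    Packet("203.0.113.7", 51034, 5900),
    Packet("198.51.100.23", 5900, 5900),   # matches the mistaken rule only by coincidence
    Packet("198.51.100.23", 50001, 22),    # different service, never forwarded
]

def forwarded(rule: ForwardRule):
    """List the attempts a rule forwards, as (src_ip, src_port) pairs."""
    return [(p.src_ip, p.src_port) for p in ATTEMPTS if rule.apply(p)]

if __name__ == "__main__":
    print("mistaken :", forwarded(MISTAKEN))
    print("corrected:", forwarded(CORRECTED))
```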