[Shorewall-newbies] DNAT problems

Tim Meadows tmeadows at techteam.org
Thu Feb 5 16:17:57 PST 2004


Tom,

>And it didn't occur to you to try the "Quick Search" in the top Website
>frame?

I did try the "Quick Search" and everything I tried to search based on
either says to do exactly like I have or came up with nothing.
>
>
>The VNC port number is 5900+<display number>. So
>
>Display 0 = 5900
>Display 1 = 5901

That is fine but RealVNC by default seems to use 5500.  While using it on
the internal network I did it with the ":5900" at the end of the "Add
Client" - to make the connection - and it failed.  I tried 5800 and it
failed.  I tried 5500 and it worked fine.  So I assume that to get it to
work from outside I should try the same thing "5500"  - Which must mean
that my display is 0 (does that mean that it is the first (or only) VNC
"device" listening?

I did a SHOREWALL SHOW NAT on the server and it shows the following:
=============
Shorewall-1.3.7b NAT at WebServer - Thu Feb  5 16:12:26 CST 2004

Counters reset Thu Feb  5 15:00:17 CST 2004

Chain PREROUTING (policy ACCEPT 333K packets, 34M bytes)
 pkts bytes target     prot opt in     out     source              
destination 
  841 91573 net_dnat   all  --  eth0   *       0.0.0.0/0           
0.0.0.0/0   

Chain POSTROUTING (policy ACCEPT 7987 packets, 1077K bytes)
 pkts bytes target     prot opt in     out     source              
destination 

Chain OUTPUT (policy ACCEPT 8627 packets, 1118K bytes)
 pkts bytes target     prot opt in     out     source              
destination 

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source              
destination 
   20   960 DNAT       tcp  --  *      *       0.0.0.0/0           
0.0.0.0/0          tcp dpt:5500 to:10.10.10.193
[root at WebServer shorewall]#
=============

Does that help at all?
    Thanks, 
    Tim




More information about the Shorewall-newbies mailing list