[Shorewall-newbies] DNAT problems
teastep at shorewall.net
Thu Feb 5 15:58:16 PST 2004
On Thursday 05 February 2004 02:59 pm, Tim Meadows wrote:
> Tom Eastep <teastep at shorewall.net> writes:
> >Odd then that the RealVNC FAQ includes this
> >"Can I make the VNC server listen on a different port number rather than
> >Sounds like you've succeeded...
> I only succeeded from INTERNAL. I cannot get it to connect from the
> Also, I tried adding the 5400 to the rules as Dark Ryder said, it didn't
> work either.

Ok. I've done a bit of experimenting here and have now caught up with what you
are trying to do. I haven't used the viewer in listening mode before.

The VNC server listens on ports 5800 and 5900 (display 0). The VNC Viewer in
Listen mode listens on ports 5400 and 5500.

If I attach the listening viewer from my server, I see only a single TCP
connection on port 5500 (sorry for the folding):

[root at ursa init.d]# netstat -tnap | fgrep 192.168.1.7
tcp 0 0 192.168.1.5:5500 192.168.1.7:4854
[root at ursa init.d]#

192.168.1.7 is the IP address of the server. 192.168.1.5 is the local IP
address where the vncviewer is running.

As far as Shorewall is concerned, it looks like you are doing everything
correctly with your single DNAT rule. That rule should support a vncviewer in
listening mode running on 10.10.10.193 with VNC servers in the "net" zone
connecting to that viewer.

Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
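
Added example (not part of the original message, and not Shorewall or RealVNC code): a small Python check that reads `netstat -tn` style lines and reports which end of each VNC connection accepted it, which is the end whose firewall has to allow or DNAT that port. The sample lines are constructed, and treating 5800-5999 as server ports for displays other than 0 is an assumption beyond the ports named in the message.

```python
# Constructed sample modelled on the netstat output quoted in the message.
SAMPLE = """\
tcp   0   0 192.168.1.5:5500    192.168.1.7:4854    ESTABLISHED 2211/vncviewer
tcp   0   0 192.168.1.5:38122   192.168.1.9:5900    ESTABLISHED 2300/vncviewer
tcp   0   0 0.0.0.0:5500        0.0.0.0:*           LISTEN      2211/vncviewer
tcp   0   0 192.168.1.5:22      192.168.1.7:51514   ESTABLISHED 900/sshd
"""

def vnc_role(port):
    """Map a TCP port to the VNC component that listens on it, or None."""
    if port in (5400, 5500):        # viewer in listen mode (ports from the message)
        return "listening-viewer"
    if 5800 <= port <= 5999:        # server: 5800/5900 are display 0; +N is assumed
        return "server"
    return None

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port) for connected TCP sockets."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith("tcp"):
            continue
        try:
            lip, lport = fields[3].rsplit(":", 1)
            rip, rport = fields[4].rsplit(":", 1)
            yield lip, int(lport), rip, int(rport)
        except ValueError:          # listening sockets show the peer as 0.0.0.0:*
            continue

def vnc_connections(text):
    """Report which end accepted each VNC connection and which end opened it."""
    found = []
    for lip, lport, rip, rport in parse_netstat(text):
        local, remote = vnc_role(lport), vnc_role(rport)
        if local and not remote:    # this host accepted the connection
            found.append({"role": local, "accepting": f"{lip}:{lport}", "initiator": rip})
        elif remote and not local:  # this host opened the connection
            found.append({"role": remote, "accepting": f"{rip}:{rport}", "initiator": lip})
        # both or neither end on a VNC port: ambiguous or unrelated, skip
    return found

if __name__ == "__main__":
    for conn in vnc_connections(SAMPLE):
        print(conn)
```

For a listening viewer the accepting end is the viewer's own address on port 5500, so that is the port an inbound rule in front of the viewer has to cover.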