On Mon, 25 Aug 2003 13:51:37 -0500 "P. Kallakuri" <[EMAIL PROTECTED]> wrote: > vncviewers from other clients behind the firewall. but when i ssh to the > gateway from [EMAIL PROTECTED] with the -L > 5903:vncserver:5903 option and forward from the gateway to the vncserver > using another ssh -L ..., i am not able to connect to the vncserver at > port 5903 on localhost. with a RealVNC viewer, i get an error like > "channel 2 or 4: administratively prohibited" and with TightVNC, i get > just a connection failure. nmap output for the gateway after the port > 5903 forwarding gives the same results as above. but for the vncserver > behind the firewall, everything seems ok:
What does ssh -v tell you? Is it really setting up the port forward?
> secondly, how can i close the filtered ports?
Set them to REJECT instead of DROP. REJECT makes them looked closed to
the outside world. DROP is a hint something is listening and just not
answering hence filtered.
> i cannot find what process is keeping them. i know that i disabled ICMP
> requests on my gateway,
Ungh. Why? Why disable ICMP. I never figured that one out. Anything
goes wrong with that line and you'll need to remember to turn it back on so as
not to waste the tech's time. "Uh, I can't ping your machine, are you sure it
is plugged in?" "Oh, wait, hold on, I turned off that diagnostic tool."
--
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
pgp00000.pgp
Description: PGP signature
