Thank you for your prompt reply. I haven't tried this yet, as I have finally gotten it to work by tunneling through my SSH program. That is supposed to be much more secure anyway. I will still try this out sometime soon, though, just because I need to learn how to do iptables anyway.

thanks
steve

At 09:30 PM 8/27/2003 -0400, Sean Estabrooks wrote:
On Wed, 27 Aug 2003 19:17:48 -0500
Steve Buehler <[EMAIL PROTECTED]> wrote:

> I am REAL new to iptables. I installed RedHat 9 with the firewall set on
> "High". The firewall only allows things like http, ftp, smtp and
> domain. How can I open up the firewall so that I can allow VNC
> connections to the server? I presume that you use iptables, but I haven't
> been able to get the right setup for it. Right now my iptables look like this:
> ======================
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Lokkit-0-50-INPUT all -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Lokkit-0-50-INPUT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Lokkit-0-50-INPUT (2 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT udp -- 0.0.0.0 anywhere udp spt:domain
> ACCEPT udp -- mydnsservername.com anywhere udp spt:domain
> REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
> =======================
>
> I have two LAN cards in the machine. eth0 is for the WAN and eth1 is
> trusted in the firewall for the LAN. So I can use VNC on the LAN, but
> can't connect to it on the external IP on the WAN. I have done some
> searching and found the following lines to add, but they don't seem to open
> it up for me, unless there is something that I have to do after entering
> these at the command line to make them work.
>
> iptables -A INPUT -p tcp --sport 5801 -j ACCEPT
> iptables -A INPUT -p tcp --sport 5901 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6001 -j ACCEPT
>
>


Hi Steve,

    Try changing the "-A" to "-I" in each of the above
commands so that these rules fire before the Lokkit
rules.

    Also, the --sport looks wrong to me; to my eye
it should be --dport, so try that change too
if the above idea alone doesn't work.

Good Luck,
Sean
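
Added illustration (not code from either poster): a small first-match model of
the INPUT path from the listing above, showing why both of Sean's changes are
needed. The Lokkit chain is transcribed from the `iptables -L` output; the two
"ACCEPT all" lines are assumed to be `-i lo` and `-i eth1` matches (plain -L
hides the interface, and Steve says eth1 is the trusted LAN side), and the
addresses and ports of the client are made up for the example. It also goes
one step beyond the thread by pinning the rule to one source address, which is
what I would do before exposing VNC on a WAN interface at all.

```python
"""First-match model of the INPUT chain from the thread (constructed example).

Rules carry only the fields that decide this question: protocol, input
interface, source address, ports, SYN flag and target.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

TERMINAL = {"ACCEPT", "REJECT", "DROP"}


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    iface: str          # interface the packet arrived on
    src: str
    sport: int
    dport: int
    syn: bool = True    # True for a connection-opening TCP SYN


@dataclass
class Rule:
    target: str                     # ACCEPT / REJECT / DROP or a user-chain name
    proto: Optional[str] = None     # None means "all"
    iface: Optional[str] = None     # -i match
    src: Optional[str] = None       # -s match (single host, for simplicity)
    dport: Optional[int] = None     # --dport
    sport: Optional[int] = None     # --sport
    syn_only: bool = False          # flags:SYN,RST,ACK/SYN

    def matches(self, p: Packet) -> bool:
        return all([
            self.proto is None or self.proto == p.proto,
            self.iface is None or self.iface == p.iface,
            self.src is None or self.src == p.src,
            self.dport is None or self.dport == p.dport,
            self.sport is None or self.sport == p.sport,
            not self.syn_only or (p.proto == "tcp" and p.syn),
        ])

    def as_command(self, chain: str, insert: bool) -> str:
        """Render the equivalent iptables invocation (for reading; never executed here)."""
        parts = ["iptables", "-I" if insert else "-A", chain]
        if self.iface: parts += ["-i", self.iface]
        if self.src: parts += ["-s", self.src]
        if self.proto: parts += ["-p", self.proto]
        if self.syn_only: parts.append("--syn")
        if self.dport is not None: parts += ["--dport", str(self.dport)]
        if self.sport is not None: parts += ["--sport", str(self.sport)]
        return " ".join(parts + ["-j", self.target])


def evaluate(chains: Dict[str, List[Rule]], chain: str, p: Packet) -> Optional[str]:
    """Walk `chain` top to bottom; return a terminal verdict, or None if it falls off the end."""
    for rule in chains[chain]:
        if not rule.matches(p):
            continue
        if rule.target in TERMINAL:
            return rule.target
        verdict = evaluate(chains, rule.target, p)   # jump into a user-defined chain
        if verdict is not None:
            return verdict                           # no match there: keep walking here
    return None


LOKKIT = "RH-Lokkit-0-50-INPUT"
LOKKIT_RULES = [
    Rule("ACCEPT", proto="tcp", dport=80, syn_only=True),
    Rule("ACCEPT", proto="tcp", dport=21, syn_only=True),
    Rule("ACCEPT", proto="tcp", dport=25, syn_only=True),
    Rule("ACCEPT", iface="lo"),                  # assumed: first "ACCEPT all" line
    Rule("ACCEPT", iface="eth1"),                # assumed: trusted-LAN "ACCEPT all" line
    Rule("ACCEPT", proto="udp", sport=53),       # the two DNS-reply rules, collapsed
    Rule("REJECT", proto="tcp", syn_only=True),  # every other new TCP connection
    Rule("REJECT", proto="udp"),
]


def input_verdict(extra: List[Rule], insert: bool, p: Packet) -> str:
    """Verdict for `p` after adding `extra` to INPUT with -I (insert) or -A (append)."""
    jump = [Rule(LOKKIT)]
    chains = {"INPUT": extra + jump if insert else jump + extra, LOKKIT: LOKKIT_RULES}
    return evaluate(chains, "INPUT", p) or "ACCEPT"   # INPUT policy is ACCEPT

# Constructed traffic: a VNC client on the WAN opening display :1 (port 5901).
# Its source port is ephemeral, which is why a --sport 5901 rule never matches.
VNC_SYN = Packet("tcp", "eth0", src="203.0.113.5", sport=40123, dport=5901)
STRANGER = Packet("tcp", "eth0", src="198.51.100.9", sport=51234, dport=5901)


def compare() -> Dict[str, str]:
    sport_rule = Rule("ACCEPT", proto="tcp", sport=5901)                  # as posted
    dport_rule = Rule("ACCEPT", proto="tcp", dport=5901)                  # Sean's fix
    pinned = Rule("ACCEPT", proto="tcp", src="203.0.113.5", dport=5901)   # one client only
    return {
        "append sport (as posted)": input_verdict([sport_rule], False, VNC_SYN),
        "append dport":             input_verdict([dport_rule], False, VNC_SYN),
        "insert sport":             input_verdict([sport_rule], True, VNC_SYN),
        "insert dport":             input_verdict([dport_rule], True, VNC_SYN),
        "insert dport, pinned src": input_verdict([pinned], True, VNC_SYN),
        "pinned src, stranger":     input_verdict([pinned], True, STRANGER),
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:28} -> {verdict}")
    print(Rule("ACCEPT", proto="tcp", src="203.0.113.5", dport=5901).as_command("INPUT", True))
```

The appended rule never fires because the first INPUT rule jumps into the
Lokkit chain, whose REJECT for TCP SYN is terminal; only -I puts the new rule
ahead of that jump, and only --dport matches the client's SYN. Two practical
notes for the real box: rules entered at the command line on Red Hat 9 are gone
after a reboot unless saved with `service iptables save`, and port 6001 in the
posted list is X11 display :1, not VNC, so it should not be opened on eth0.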


-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
