Re: iptables and vnc
From: Sean Estabrooks (seanlkml_at_rogers.com)
Date: 08/28/03
- Previous message: Bradley Caricofe: "RE: Shell Script Functionality"
- In reply to: Steve Buehler: "iptables and vnc"
- Next in thread: Steve Buehler: "Re: iptables and vnc"
- Reply: Steve Buehler: "Re: iptables and vnc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: redhat-list@redhat.com
Date: Wed, 27 Aug 2003 21:30:37 -0400
On Wed, 27 Aug 2003 19:17:48 -0500
Steve Buehler <steve@ibapp.com> wrote:
> I am REAL new to iptables. I installed RedHat 9 with the firewall set on
> "High". The firewall only allows things like http, ftp, smtp and
> domain. How can I open up the firewall so that I can open it up for VNC
> connections to the server? I presume that you use iptables, but I haven't
> been able to get the right setup for it. Right now my iptables look like this:
> ======================
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Lokkit-0-50-INPUT all -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Lokkit-0-50-INPUT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Lokkit-0-50-INPUT (2 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:http
> flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
> flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
> flags:SYN,RST,ACK/SYN
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT udp -- 0.0.0.0 anywhere udp spt:domain
> ACCEPT udp -- mydnsservername.com anywhere udp spt:domain
> REJECT tcp -- anywhere anywhere tcp
> flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> REJECT udp -- anywhere anywhere udp reject-with
> icmp-port-unreachable
> =======================
>
> I have two lan cards in the machine. eth0 is for the WAN and eth1 is
> trusted in the firewall for the LAN. So I can use vnc on the LAN, but
> can't connect to it on the external IP on the WAN. I have done some
> searching and found the following lines to add, but they don't seem to open
> it up for me unless there is something that I have to do after entering
> these at the command line to make them work.
>
> iptables -A INPUT -p tcp --sport 5801 -j ACCEPT
> iptables -A INPUT -p tcp --sport 5901 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6001 -j ACCEPT
>
>
Hi Steve,
Try changing the "-A" to "-I" in each of the above
commands so that these rules fire before the Lokkit
rules.
Also, the --sport looks wrong to me, to my
eye it should be --dport so try that change too
if the above idea alone doesn't work.
Good Luck,
Sean
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
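The two fixes Sean suggests, written out as an added example that is not part of the thread: a helper that emits the corrected rule for one port (inserted ahead of the Lokkit jump, matching the destination port, and optionally limited to one source address), plus a check that flags rules appended after the Lokkit jump, where the chain's trailing REJECT rules make them unreachable. It assumes eth0 is the WAN interface and the chain name from Steve's listing; the sample listing is constructed, not output from his machine.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes the WAN interface is
# eth0 (as stated in the original post) and the Lokkit chain name from the
# posted listing. Runs nothing against the kernel; it prints the rules.

LOKKIT_CHAIN="RH-Lokkit-0-50-INPUT"

# Print the corrected rule for one port.
#   -I INPUT  inserts at the top of INPUT, ahead of the jump into the Lokkit
#             chain; an appended (-A) rule sits after that jump and the chain's
#             final REJECT rules answer the packet before it is ever reached.
#   --dport   matches the server's listening port. The posted --sport would
#             match the client's ephemeral source port instead, so it never
#             fires for a normal connection, and it would also accept any
#             inbound packet that merely claims that source port.
#   -i / -s   because -I bypasses the Lokkit chain for this port entirely,
#             tie the rule to the WAN interface and, if possible, one source.
vnc_rule() {
    port=$1; iface=${2:-eth0}; src=$3
    rule="iptables -I INPUT -i $iface -p tcp --dport $port"
    if [ -n "$src" ]; then rule="$rule -s $src"; fi
    printf '%s\n' "$rule -j ACCEPT"
}

# Read `iptables -S INPUT` style output on stdin and print every INPUT rule
# that appears after the jump into the Lokkit chain (i.e. rules that were
# appended with -A and are shadowed for TCP and UDP traffic).
shadowed_after_lokkit() {
    awk -v chain="$LOKKIT_CHAIN" '
        $0 ~ ("-j " chain "$") { seen = 1; next }
        seen && /^-A INPUT/     { print }
    '
}

# Constructed sample of what `iptables -S INPUT` would look like after the
# three -A commands from the original post.
SAMPLE_INPUT='-P INPUT ACCEPT
-A INPUT -j RH-Lokkit-0-50-INPUT
-A INPUT -p tcp -m tcp --sport 5801 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5901 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 6001 -j ACCEPT'

echo "Shadowed rules in the sample listing:"
printf '%s\n' "$SAMPLE_INPUT" | shadowed_after_lokkit
echo "Corrected rules (hypothetical client 203.0.113.5 for the last one):"
for p in 5801 5901; do vnc_rule "$p" eth0; done
vnc_rule 6001 eth0 203.0.113.5
```

Run the printed commands as root to apply them, and confirm the order afterwards with `iptables -L INPUT -n --line-numbers`.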