Re: iptables and vnc
From: Steve Buehler (steve_at_ibapp.com)
Date: 08/28/03
- Previous message: Simon Tischer: "ext3 to ext2"
- In reply to: Sean Estabrooks: "Re: iptables and vnc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: redhat-list@redhat.com, seanlkml@rogers.com Date: Thu, 28 Aug 2003 07:52:59 -0500
Thank you for your prompt reply. I haven't tried this yet as I have
finally gotten it to work by tunneling through my SSH program. That is
supposed to be much more secure anyway. I will still try this out sometime
soon though. Just because I need to learn how to do IPtables anyway.
thanks
steve
At 09:30 PM 8/27/2003 -0400, Sean Estabrooks wrote:
>On Wed, 27 Aug 2003 19:17:48 -0500
>Steve Buehler <steve@ibapp.com> wrote:
>
> > I am REAL new to iptables. I installed RedHat 9 with the firewall set on
> > "High". The firewall only allows things like http, ftp, smtp and
> > domain. How can I open up the firewall so that I can open it up for VNC
> > connections to the server. I presume that you use iptables, but I haven't
> > been able to get the right setup for it. Right now my iptables look like this:
> > ======================
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> > RH-Lokkit-0-50-INPUT all -- anywhere anywhere
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> > RH-Lokkit-0-50-INPUT all -- anywhere anywhere
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain RH-Lokkit-0-50-INPUT (2 references)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
> > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
> > ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
> > ACCEPT all -- anywhere anywhere
> > ACCEPT all -- anywhere anywhere
> > ACCEPT udp -- 0.0.0.0 anywhere udp spt:domain
> > ACCEPT udp -- mydnsservername.com anywhere udp spt:domain
> > REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> > REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
> > =======================
> >
> > I have two lan cards in the machine. eth0 is for the WAN and eth1 is
> > trusted in the firewall for the LAN. So I can use vnc on the LAN, but
> > can't connect to it on the external IP on the WAN. I have done some
> > searching and found the following lines to add, but they don't seem to open
> > it up for me unless there is something that I have to do after entering
> > these at the command line to make them work.
> >
> > iptables -A INPUT -p tcp --sport 5801 -j ACCEPT
> > iptables -A INPUT -p tcp --sport 5901 -j ACCEPT
> > iptables -A INPUT -p tcp --sport 6001 -j ACCEPT
> >
> >
>
>Hi Steve,
>
> Try changing the "-A" to "-I" in each of the above
>commands so that these rules fire before the Lokkit
>rules.
>
> Also, the --sport looks wrong to me, to my
>eye it should be --dport so try that change too
>if the above idea alone doesn't work.
>
>Good Luck,
>Sean
>
>
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
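Added illustration (not code from the thread or from Red Hat): a tiny first-match model of the RH-Lokkit-0-50-INPUT chain quoted above, flattened into one list, to show why the three "-A INPUT ... --sport" rules never opened VNC and what Sean's two changes (-I, --dport) each fix. It assumes http/ftp/smtp are ports 80/21/25, omits the two ACCEPT-all and the DNS rules (they do not affect a WAN VNC SYN), and uses a constructed client packet.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str               # ACCEPT or REJECT
    proto: str = "all"        # tcp, udp or all
    dport: Optional[int] = None
    sport: Optional[int] = None
    syn_only: bool = False    # flags:SYN,RST,ACK/SYN -> only new connections

def matches(rule: Rule, pkt: dict) -> bool:
    """True when every criterion the rule specifies is met by the packet."""
    if rule.proto != "all" and rule.proto != pkt["proto"]:
        return False
    if rule.dport is not None and rule.dport != pkt["dport"]:
        return False
    if rule.sport is not None and rule.sport != pkt["sport"]:
        return False
    if rule.syn_only and not pkt["syn"]:
        return False
    return True

def verdict(chain: list, pkt: dict, policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.target
    return policy  # chain policy applies only if nothing matched

# Reconstructed from the quoted "High" Lokkit chain (assumed port numbers).
LOKKIT = [
    Rule("ACCEPT", "tcp", dport=80, syn_only=True),
    Rule("ACCEPT", "tcp", dport=21, syn_only=True),
    Rule("ACCEPT", "tcp", dport=25, syn_only=True),
    Rule("REJECT", "tcp", syn_only=True),   # reject-with icmp-port-unreachable
    Rule("REJECT", "udp"),
]

# Constructed packet: a WAN client opening VNC display :1 (TCP 5901) from an ephemeral port.
VNC_SYN = {"proto": "tcp", "sport": 41234, "dport": 5901, "syn": True}

def appended_sport() -> str:   # iptables -A INPUT -p tcp --sport 5901 -j ACCEPT
    return verdict(LOKKIT + [Rule("ACCEPT", "tcp", sport=5901)], VNC_SYN)

def inserted_sport() -> str:   # iptables -I INPUT -p tcp --sport 5901 -j ACCEPT
    return verdict([Rule("ACCEPT", "tcp", sport=5901)] + LOKKIT, VNC_SYN)

def appended_dport() -> str:   # iptables -A INPUT -p tcp --dport 5901 -j ACCEPT
    return verdict(LOKKIT + [Rule("ACCEPT", "tcp", dport=5901)], VNC_SYN)

def inserted_dport() -> str:   # iptables -I INPUT -p tcp --dport 5901 -j ACCEPT
    return verdict([Rule("ACCEPT", "tcp", dport=5901)] + LOKKIT, VNC_SYN)
```

Only the inserted --dport rule yields ACCEPT: appending puts the rule behind the catch-all REJECT, and --sport never matches a client's ephemeral source port, so both of Sean's changes are needed.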