Dean Moreton wrote:
> Hi, im using a modified version of Eigersteinbeta 2 with a
> pppoe package. What id like to achieve is to be able to
> vnc into a machine on my internal network through my lrp
> box from an external ip (i.e work). I take it this will
> require some modifying of the ip ruleset i.e port
> forwarding etc. Is there a howto someone could point me
> to? My external ip is dynamic so i guess using mail to
> email me my ip is the way to go. Is the fact that my
> internal machines are dhcp assigned a problem for
> forwarding the vnc stuff through to a specific machine or
> do i just static assign an ip to the machine running vnc?
> Any suggestions/help would be appreciated, im a bit new to
> this stuff CheersDean
The dynamic part you will have to solve with /etc/lrp.conf
lrp_MAIL_SERVER="mail.yourisp.com"
You may have to check if your version has grep fixed for
mailing from the lrp box. See Charles' information.
*******
Lets do static dhcpd assignment first:
edit /etc/dhcpd.conf
dynamic-bootp-lease-length 604800;
max-lease-time 1209600;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
option domain-name "private.network";
option domain-name-servers 192.168.1.254;
range 192.168.1.10 192.168.1.100;
host computername {
hardware ethernet 00:40:f5:5f:2e:3e;
fixed-address 192.168.1.1;
}
if you don't know the nic number
# grep dhcp /var/log/syslog
to find the information.
Change the range that your dhcpd uses so that the static
number that will be assigned by dhcpd is outside the range.
If you don't do this it will still work, but you will get
messages about both dynamic and static leases being present.
save file and
# svi dhcpd reload
*******
Next the port VNC uses is 5900
In /etc/network.conf (1, 1 from the menu)
add
EXTERN_TCP_PORTS="0/0_smtp ip.you.connect.from/32_5900"
The ip.you connect.from is the ip number, e.g. if you
always connect from 123.134.145.156 then put in
123.134.145.156/32 - if you only know the network you are
connecting from use 123.134.145.0/24. You could use
0/0_5900 (any network/any mask) but I recommended you
restrict access.
********
in /etc/ipfilter.conf at the very end of the file before the
last } put in :
# For VNC
$IPMASQADM autofw -A -v -r tcp 5900 5900 -h 192.168.1.1
}
save ipfilter.conf
# svi network ipfilter flush
# svi network ipfilter reload
test
when you get it working satisfactorily back up dhcpd and etc
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
