Re: [leaf-user] Shorewall Rules and TightVNC

Wed, 11 Jun 2003 21:27:45 -0700 

> Message: 1
> Date: Wed, 11 Jun 2003 23:26:16 +0200
> From: Patrick Benson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Shorewall Rules and TightVNC
>
> Darcy Parker wrote:
> >
> > Good day all,
> >
> >      I am using Leaf Bering (latest ver) and currently have my shorewall
> > rules to allow a TightVNC connection only from a fixed IP address at
work.
> >
> > # DNAT to allow TightVNC from Work Only
> > #
> > DNAT    net:xxx.xxx.xxx.xxx    192.168.1.100:5800    tcp    http
> > DNAT    net:xxx.xxx.xxx.xxx    192.168.1.100:5800    tcp    5800
> > DNAT    net:xxx.xxx.xxx.xxx    192.168.1.100:5900    tcp    http
> > DNAT    net.xxx.xxx.xxx.xxx    192.168.1.100:5900    tcp    5900
> >
> >     As I am going to be travelling with my laptop, I am woundering if
there
> > is a way to configure the rules to allow a TightVNC connection from a
spefic
> > MAC address as I will not know what my net IP address will be while I am
> > away.
> >
> > If not from a specific MAC address, then is there another way?
> >
> > Best Regards,
> > Darcy
>
> Darcy,
>
> I would also suggest the same option Lars proposed, use ssh and
> portforwarding with ssh acting as the tunnel. Some of the advantages are
> disabling passwords and using RSAauthentication which can be configured
> in your sshd_config file, averting the password cracking problem. A
> properly configured sshd_config file is a powerful complement for your
> security setup. Another advantage is that you will only be using the ssh
> port for the connection, instead of opening the standard vnc 5800,5900
> ports..and you can use the compression option as well. There's a pretty
> good tutorial at the realvnc site on how to go about it:
>
> http://www.uk.research.att.com/vnc/sshvnc.html
>
> Regards,
> -- 
> Patrick Benson
> Stockholm, Sweden
>
Patrick and Lars,

     Thanks for the suggestions and the links.  I only have two days to get
this up and running so I hope I don't run into trouble.

Darcy



-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to