On Thu, 2009-04-16 at 11:39 -0700, Tim wrote:
> if you are really lucky, you can lock that iptables rule down even
> further if you have a single source address that will be accessing the
> remote desktop
>
> iptables -A INPUT -p TCP -s xxx.xxx.xxx.xxx --dport 5900 -j ACCEPT

Note that you want -I INPUT for most default redhat configs.  Some
versions of redhat have a rule inline to the INPUT table to do
rejections (instead of setting a default policy of reject and creating
ACCEPT rules).  If you add the ACCEPT after the global reject nothing
will happen.  Below is a nearly default config for fc8.

-Eric

[r...@geek ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

>
> ~ Tim
>
> Eric Wheeler wrote:
> > On Thu, 16 Apr 2009, Joe Pruett wrote:
> >
> >>> But I would like to be able to have the equivalent of a remote
> >>> desktop for the Fedora box running on my Vista machine so I can use
> >>> Fedora's GUI interface from the Vista machine.
> >>>
> >>> I looked at Xming as my X windows software, with PUTTY, but that
> >>> seemed like it had a very steep learning curve.  Freeware is
> >>> important for this home/student project.  Any and all suggestions
> >>> will be appreciated!
> >>>
> >> the quickest way is vnc.  run vncserver on the linux box and then connect
> >> with vnc from windows.  i don't know if fedora will default to a full
> >> desktop or simple one, but after you've run vncserver once you can edit
> >> .vnc/xstartup and easily have it start the full deal.
> >>
> >
> > From Fedora's command line, run:
> >   vino-preferences
> >
> > and configure your remote access rules.  You'll also need to create a
> > firewall rule to allow the connection (I assume you understand the
> > liability of opening a remote desktop port on the host's firewall):
> >
> >   iptables -I INPUT -p tcp --dport 5900 -j ACCEPT
> > _______________________________________________
> > PLUG mailing list
> > [email protected]
> > http://lists.pdxlinux.org/mailman/listinfo/plug
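
Added example, not part of the original thread: a check for the ordering problem described in the reply above, reporting whether a rule appended with -A to a chain could ever be reached. It reads rules in `iptables -S` form; both rulesets are constructed samples (the first modeled on the fc8 listing, with the `-i lo` match assumed because `iptables -L -n` does not show interfaces), the function names are hypothetical, and only rules with no match options at all are treated as catch-alls.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` form, modeled on the fc8 listing above.
# The "-i lo" match is an assumption: plain `iptables -L -n` hides interfaces.
rh_style_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-N RH-Firewall-1-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed contrast: the default policy does the blocking, no catch-all rule.
policy_style_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Reads `iptables -S` output on stdin. Prints "shadowed" if a rule appended
# with -A to chain $1 can never be reached, else "reachable".
append_status() {
  awk -v chain="$1" '
    # Keep only rules with no match options: -A <chain> -j <target> ...
    $1 == "-A" && $3 == "-j" { uncond[$2] = uncond[$2] " " $4 }
    # A chain swallows every packet if an unconditional rule ends in a verdict,
    # directly or through a jump into another chain that does.
    function terminal(c, depth,    t, i, k) {
      if (depth > 16) return 0
      k = split(uncond[c], t, " ")
      for (i = 1; i <= k; i++) {
        if (t[i] == "RETURN") return 0
        if (t[i] ~ /^(ACCEPT|DROP|REJECT)$/ || terminal(t[i], depth + 1)) return 1
      }
      return 0
    }
    END { print (terminal(chain, 0) ? "shadowed" : "reachable") }
  '
}

echo "inline-reject ruleset, -A INPUT: $(rh_style_rules | append_status INPUT)"
echo "default-policy ruleset, -A INPUT: $(policy_style_rules | append_status INPUT)"
```

On a live host, run `iptables -S | append_status INPUT` as root; a "shadowed" result means the ACCEPT has to go in with -I (or at an explicit position ahead of the reject) to have any effect.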
