Hi Hernan,

The DNAT rule would look like:

    DNAT wan:w.x.y.z lan tcp 1024:65535 -

(where w.x.y.z is the IP of the outside box). That way you can open up ports but only to your IP. Is the outside box initiating the connection? You also may want to try changing the ports on your wan to lan accept rule to all high ports before creating a DNAT rule to see if that does it. If the connection is always coming in on 2216 or 2664 you could create one rule for each port and only have the two open.

Best regards,
Patrick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hernan Castaneda
Sent: Wednesday, August 18, 2004 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [2][Security Firewall] Problem witn VNC

Hi Patrick,

The connection isn't using any UDP packet, the rejects in the log are tcp packets coming from remote ports 2216 or 2664 to my firewall port 5900. The connection will be "on-2-many".

I'm not familiar with the DNAT, what do I have to do?

Best Regards,
Hernan

--- Patrick Usher <[EMAIL PROTECTED]> wrote:
> Hi Hernan,
> Is the VNC service using any UDP packets? Do you show any rejects in the
> log? You may want to try a DNAT rule in place of the ACCEPT. Are you
> connecting from the outside box to just one of the inside boxes or will the
> connection need to involve more than one inside machine ("one to one" or
> "one to many")?
>
> Best regards,
> Patrick

=====
"Stay Free, find your own path, live with greatness and pride. Just stay beside the things that are really eternal; otherwise keep flying..." MORION ARBENET LUOSKRAD
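Added example, not part of the original thread: a small Python helper that reads firewall reject lines and separates the destination port a rule has to match from the client-side source ports, then prints a source-restricted rule in the column order of the rule quoted above. Assumptions: the log uses the kernel netfilter LOG field layout (SRC=, SPT=, DPT=), the sample lines and addresses are constructed, and `<inside-host>` is a placeholder for the internal VNC machine.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG layout (not taken from the thread).
SAMPLE_LOG = """\
Aug 18 12:58:01 fw kernel: Shorewall:wan2fw:REJECT:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=48 TTL=116 PROTO=TCP SPT=2216 DPT=5900 SYN
Aug 18 12:59:44 fw kernel: Shorewall:wan2fw:REJECT:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=48 TTL=116 PROTO=TCP SPT=2664 DPT=5900 SYN
Aug 18 13:01:10 fw kernel: Shorewall:wan2fw:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.1 LEN=78 TTL=110 PROTO=UDP SPT=1031 DPT=137
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def summarize_rejects(log_text, remote_ip):
    """Map (proto, destination port) -> sorted source ports seen from remote_ip."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip other hosts and packets without ports (for example ICMP).
        if fields.get("SRC") != remote_ip or "DPT" not in fields:
            continue
        key = (fields["PROTO"].lower(), int(fields["DPT"]))
        seen[key].add(int(fields.get("SPT", 0)))
    return {key: sorted(ports) for key, ports in seen.items()}


def suggest_rules(summary, remote_ip, inside_host="<inside-host>"):
    """One rule per destination port, limited to the single outside address.

    Source ports are reported by summarize_rejects but not matched here:
    they are chosen by the client and differ from one connection to the next.
    """
    return [
        f"DNAT wan:{remote_ip} lan:{inside_host} {proto} {dport}"
        for proto, dport in sorted(summary)
    ]


if __name__ == "__main__":
    outside_box = "203.0.113.7"  # constructed stand-in for w.x.y.z
    summary = summarize_rejects(SAMPLE_LOG, outside_box)
    for (proto, dport), sports in summary.items():
        print(f"{proto} to port {dport}, source ports seen: {sports}")
    for rule in suggest_rules(summary, outside_box):
        print(rule)
```
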
