At 02:01 AM 2/4/2003, Dietmar.Friesch wrote:
> Hello world
>
> Anyone out there who can kick me into touch why this is not working
>
> World (real viewer) IPRH80:5901 -> RH80 (iptables) -> w2k-vnc (real 336 server on 5900)
>
> Setting in RH80
> iptables -A INPUT -p tcp -m tcp --dport 5901 --syn -j ACCEPT
>
> This works I can telnet the vncserver on RH80 5901 and establish a viewer connection to RH80, I can -j DROP/REJECT
>
> From RH80 I can telnet and vncview w2k-vnc on 5900
>
> now setting
> iptables -t nat -A PREROUTING -p tcp -d RH80-IP --dport 5901 -j DNAT --to-destination w2k-IP:5900
>
> leaves me stuck with both vncviewer and telnet telling me that they cannot connect to server

You have to also allow it in the FORWARD chain.

INPUT = packets coming into the linuxbox
FORWARD = packets going through the linuxbox
OUTPUT = packets coming from the linuxbox
The reason the first one works is that you are accepting it in the INPUT chain, which goes to the linuxbox. For packet forwarding to work, you need to use the FORWARD chain.
Perhaps something like:
iptables -t filter -A FORWARD -p tcp -d w2k-IP --jump ACCEPT
Jordan
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
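
The rule set discussed in this thread, as an added example that is not part of the original messages: the DNAT rule from the question plus FORWARD rules limited to the VNC port and to connection state, which is narrower than accepting all TCP to w2k-IP. The addresses are constructed documentation addresses, the function names are hypothetical, and it assumes the w2k host routes its replies back through RH80.

```shell
#!/bin/sh
# Added example: forward RH80:5901 to the VNC server on w2k:5900.
# Addresses are constructed (RFC 5737 documentation range), not from the thread.
RH80_IP="${RH80_IP:-192.0.2.10}"
W2K_IP="${W2K_IP:-192.0.2.20}"

# Print the commands instead of running them, so the set can be reviewed first.
# $1 = address of the iptables box (RH80), $2 = address of the VNC server (w2k)
vnc_forward_rules() {
    rh80=$1; w2k=$2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $rh80 --dport 5901 -j DNAT --to-destination $w2k:5900
iptables -A FORWARD -p tcp -d $w2k --dport 5900 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $w2k --sport 5900 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Which filter chain sees a packet depends on its destination AFTER PREROUTING:
# once DNAT has rewritten it to w2k, the packet is no longer for the local box,
# so the INPUT rule on port 5901 never matches it.
# $1 = destination address after any DNAT, $2 = this host's address
filter_chain_for() {
    if [ "$1" = "$2" ]; then echo INPUT; else echo FORWARD; fi
}

# Dry run by default; APPLY=1 (as root) pipes the commands to sh.
if [ "${APPLY:-0}" = 1 ]; then
    vnc_forward_rules "$RH80_IP" "$W2K_IP" | sh -e
else
    vnc_forward_rules "$RH80_IP" "$W2K_IP"
fi
```

If replies from w2k leave by a different gateway, the client never sees them coming from RH80 and the connection still fails even with these rules in place.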
