----- Original Message ----- 
From: "Joe Kexel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 27, 2003 11:55 PM
Subject: Re: Accessing Windows VNC trough a Linux Gateway


> If, by gateway you mean simple NAT, do a port forward using whatever
> commands related to your style of gateway, ipchains or iptables. This can
> be easy or hard depending on the default policies.
>
> With iptables it would look like this
>
> /correct_path/iptables -t nat -A PREROUTING -i {external interface} -p tcp
> --dport 5900 -j DNAT --to {internal machine's IP address}:5900
>
> Choosing a strange port on the external interface would make your setup
> less obvious. It's not more secure, but full port scans are less common
> since ISPs have gotten more aggressive, so most amateur attacks will not
> find you.
>
> And I believe you need ipmasqadm or ipportfw for ipchains, but it's been a
> while since I used that.
>
> A more secure method would be to use the SSH on the Linux box to port
> forward and encrypt the connection. It requires a password and does not
> create a permanent port forward. Use putty for example and enter:
>
> putty -ssh -2 -C -t -l username -L 5900:{ip of host}:5900 {ip of gateway}
>
> Enter password when asked, then vncviewer to your localhost. I use a user
> reserved for this use and edit the passwd file so /correct_path/cat is the
> shell for that user.
>
> Dig in! You will get running eventually.
>
> Denilson Amaral Zimmermann said:
> > Hello all !!
> >
> > I have VNC installed on a win 98, but my internet is connected on a
> > Linux, which is my gateway.
> >
> > Can I access windows VNC through linux gateway??
> >
> > Regards !!!
> >
> > Denilson A. Zimmermann
> > Technical Support
> > Brazil
> > _______________________________________________

Hello, I have a machine with a private IP behind NAT on a public IP (on this
machine I already offer other services such as HTTP, and they work without
problems). Inside my iptables-based script I have inserted this:

iptables -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $HTTP_IP --dport 5900 -j DNAT --to destination $DMZHTTPIP

that:

iptables -t nat -A PREROUTING -i $INET_IFACE -p TCP --dport 5900 -j DNAT --to $DMZHTTPIP

where:

INET_IFACE --> public IP on the firewall
DMZHTTPIP --> private IP for my server

However, I do not succeed in connecting; I always receive the following
message:

unable to connect to host: Connection timed out (10060)

Do you have any suggestions?
The version I use is the 4 beta, and the server part is installed on
Win2000 Server. Thanks.

                 - Salvatore

_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
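
The port forward discussed in this thread, written out as an added example that is not part of the original messages: it prints an iptables-restore fragment pairing the DNAT rule with the FORWARD rules that a gateway with a restrictive default policy also needs, limited to one source address. The function names, the interface name and all addresses are constructed for illustration, and a FORWARD policy of DROP is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules; it does not change the firewall.
# Assumptions: FORWARD policy is DROP, net.ipv4.ip_forward=1 is set on the
# gateway, and the VNC server listens on TCP 5900 on the internal host.

is_port() {                       # decimal 1-65535 only
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_iface() {                      # refuse anything that is not a plain name
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

is_ipv4() {                       # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# vnc_forward_rules EXT_IF EXT_PORT HOST_IP ALLOWED_SRC
vnc_forward_rules() {
    ext_if=$1 ext_port=$2 host_ip=$3 src=$4
    is_iface "$ext_if" && is_port "$ext_port" &&
        is_ipv4 "$host_ip" && is_ipv4 "$src" || {
        echo "usage: vnc_forward_rules EXT_IF EXT_PORT HOST_IP ALLOWED_SRC" >&2
        return 1
    }
    # PREROUTING rewrites the destination before the filter table is
    # consulted, so FORWARD must match the internal address and port 5900,
    # not the external port.
    cat <<EOF
*nat
-A PREROUTING -i $ext_if -p tcp -s $src --dport $ext_port -j DNAT --to-destination $host_ip:5900
COMMIT
*filter
-A FORWARD -i $ext_if -p tcp -s $src -d $host_ip --dport 5900 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -o $ext_if -p tcp -s $host_ip --sport 5900 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (documentation address ranges).
vnc_forward_rules eth0 5900 192.168.1.20 203.0.113.10
```

The output can be checked with `iptables-restore --test` and loaded with `iptables-restore --noflush` so existing rules are kept.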