[wplug] iptables, port forwarding and vnc.
John Harrold
jmh17 at pitt.edu
Thu Mar 4 08:32:19 EST 2004
Sometime in March James O'Kane assaulted the keyboard and produced:
| On Wed, 3 Mar 2004, John Harrold wrote:
|
| > $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d $PSERVER --dport 5800 -j DNAT --to-destination $WINDOWS:5800
| > $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5800 -m state --state NEW -j ACCEPT
| > $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d $PSERVER --dport 5900 -j DNAT --to-destination $WINDOWS:5900
| > $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5900 -m state --state NEW -j ACCEPT
|
| I'm assuming you have something that allows ESTABLISHED connections?
|
| You probably need matching POSTROUTING SNAT lines for the return packets.
| As they are now, the return packets will have $WINDOWS IP and port, or
| will be MASQUERADE'd to a non-matching port for this connection.

Would it look something like this:

$IPTABLES -t nat -A POSTROUTING -d $WINDOWS -j SNAT --to $PGW
--
--------------------------------------------------------------------------
| /"\
john harrold | \ / ASCII ribbon campaign
jmh at member.fsf.org | X against HTML mail
the most useful idiot | / \
--------------------------------------------------------------------------
What difference does it make to the dead, the orphans, and the homeless,
whether the mad destruction is brought under the name of totalitarianism or
the holy name of liberty and democracy?
--Gandhi
--------------------------------------------------------------------------
gpg --keyserver keys.indymedia.org --recv-key F65A739E
--------------------------------------------------------------------------
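
Added example, not part of the original message: the thread's DNAT and FORWARD rules for ports 5800 and 5900, together with the ESTABLISHED rule James asks about and a POSTROUTING SNAT rule narrowed to the forwarded ports. The sample addresses are constructed, and treating $PGW as the gateway's own address on eth1 is an assumption; the script prints the rules as a dry run unless IPTABLES is set to the real binary.

```shell
#!/bin/sh
# Dry run by default: each rule is printed instead of applied.
# Run as root with IPTABLES=iptables to apply the rules for real.
IPTABLES="${IPTABLES:-echo iptables}"

# Constructed sample addresses (documentation/private ranges), not from the thread.
PSERVER="${PSERVER:-203.0.113.10}"   # public address on eth0
WINDOWS="${WINDOWS:-192.168.1.20}"   # VNC host behind eth1
PGW="${PGW:-192.168.1.1}"            # assumption: gateway's own address on eth1

forward_port() {
    port="$1"
    # Rewrite the destination of inbound connections to the internal host.
    $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 \
        -d "$PSERVER" --dport "$port" -j DNAT --to-destination "$WINDOWS:$port"
    # Admit the first packet of each forwarded connection.
    $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 \
        -d "$WINDOWS" --dport "$port" -m state --state NEW -j ACCEPT
    # SNAT limited to this forwarded port and the inside interface, so other
    # traffic to $WINDOWS keeps its real source address. Replies then come
    # back to the gateway, where connection tracking reverses both rewrites.
    $IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -d "$WINDOWS" \
        --dport "$port" -j SNAT --to-source "$PGW"
}

vnc_rules() {
    # Packets belonging to connections that are already tracked, both directions.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in 5800 5900; do
        forward_port "$p"
    done
}

vnc_rules
```

With the SNAT rule in place the Windows host sees every VNC session as coming from $PGW, so its own logs and any source-address filtering no longer show the real client. The rule is only required when replies from $WINDOWS would not otherwise route back through this gateway.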