[wplug] iptables, port forwarding and vnc.

John Harrold jmh17 at pitt.edu
Thu Mar 4 08:32:19 EST 2004 

Sometime in March James O'Kane assaulted the keyboard and produced:

| On Wed, 3 Mar 2004, John Harrold wrote:
| 
| >  $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d  $PSERVER --dport 5800 -j DNAT --to-destination $WINDOWS:5800
| >  $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5800 -m state --state NEW -j ACCEPT
| >  $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d  $PSERVER --dport 5900 -j DNAT --to-destination $WINDOWS:5900
| >  $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5900 -m state --state NEW -j ACCEPT
| 
| I'm assuming you have something that allows ESTABLISHED connections?
| 
| You probably need matching POSTROUTING SNAT lines for the return packets.
| As they are now, the return packets will have $WINDOWS IP and port, or
| will be MASQUERADE'd to a non-matching port for this connection.

would it look something like this:

 $IPTABLES  -t nat -A POSTROUTING -d $WINDOWS -j SNAT  --to $PGW
 

-- 
--------------------------------------------------------------------------
                                               | /"\
 john harrold                                  | \ / ASCII ribbon campaign
      jmh at member.fsf.org                    |  X  against HTML mail
           the most useful idiot               | / \
--------------------------------------------------------------------------
 What difference does it make to the dead, the orphans, and the homeless,
 whether the mad destruction is brought under the name of totalitarianism or
 the holy name of liberty and democracy?
 --Gandhi
--------------------------------------------------------------------------
gpg --keyserver keys.indymedia.org --recv-key F65A739E
--------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://penguin.wplug.org/pipermail/wplug/attachments/20040304/d9ab7ff7/attachment-0001.bin

More information about the wplug mailing list