[wplug] iptables, port forwarding and vnc.
Wise, Jeremey
jeremey.wise at agilysys.com
Thu Mar 11 08:07:12 EST 2004
On a side note, VNC does encrypt passwords. I would like to see how you
tunnel the vnc session through ssh. Reason is I would like something similar
for RVID access to XP systems which have their own terminal services.
-----Original Message-----
From: wplug-admin at wplug.org [mailto:wplug-admin at wplug.org] On Behalf Of
Brandon Kuczenski
Sent: Wednesday, March 03, 2004 10:20 PM
To: western PA LUG
Subject: Re: [wplug] iptables, port forwarding and vnc.
On Wed, 3 Mar 2004, John Harrold wrote:
> i'm trying to forward ports on our gateway running linux to the windows
> machine so that someone running vnc from the outside can use it.
>
>
> External Interface: eth0
> Internal Interface: eth1
>
>
> PSERVER="123.123.123.123" #external interface eth0
> PGW="192.168.0.1" #internal interface eth1
> LOCNET="192.168.0.0/24"
> WINDOWS="192.168.0.3" #windows machine
>
>
> # so i have the following to forward ports 5800 and 5900 which i read vnc uses
> # i read that the following would forward the ports i need.
>
> $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d $PSERVER --dport 5800 -j DNAT --to-destination $WINDOWS:5800
> $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5800 -m state --state NEW -j ACCEPT
> $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d $PSERVER --dport 5900 -j DNAT --to-destination $WINDOWS:5900
> $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5900 -m state --state NEW -j ACCEPT
>
> this doesn't seem to be working, since i'm not too swift at this kind of
> thing does anyone see any problems with this?
>
>
>
On a security note, mightn't it be wiser to tunnel the connection through
SSH, instead? I'm not sure if VNC encrypts passwords or not. It would
sure suck to give the world a cleartext password to control your machine.
That's what I do, so my only responsive ports are 22, 25, and 80.
-Brandon
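
Added example, not part of the original messages: a sketch of the SSH tunnel discussed above, using the addresses quoted in the thread. The account name `user`, the helper function names and the `vncviewer` client binary are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): VNC over an SSH local forward.
# Addresses are the ones quoted in the thread; SSH_USER is an assumption.
GATEWAY="123.123.123.123"   # PSERVER, external interface eth0
WINDOWS="192.168.0.3"       # VNC host on the internal network
SSH_USER="user"             # assumed shell account on the gateway

# Succeeds only for a non-empty string of digits.
is_number() {
  case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# RFB (VNC) display N listens on TCP 5900+N.
vnc_port() {
  is_number "$1" || return 1
  echo $((5900 + $1))
}

# Print the ssh command forwarding a local display to a remote display.
# The listener binds to 127.0.0.1 so other hosts on the client's network
# cannot use the tunnel. -N runs no remote command; ExitOnForwardFailure
# makes ssh exit instead of leaving a session with no forward.
tunnel_cmd() {
  lport=$(vnc_port "$1") || return 1
  rport=$(vnc_port "$2") || return 1
  echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${lport}:${WINDOWS}:${rport} ${SSH_USER}@${GATEWAY}"
}

# Print the viewer command matching a local display number.
viewer_cmd() {
  is_number "$1" || return 1
  echo "vncviewer localhost:$1"
}

# Local display 1 (port 5901) -> display 0 (port 5900) on the Windows host.
tunnel_cmd 1 0
viewer_cmd 1
# Only the client-to-gateway leg is encrypted; gateway-to-Windows traffic
# still crosses the internal network as plain VNC.
# With the tunnel, the gateway needs no DNAT/FORWARD rules for 5800/5900,
# only inbound tcp/22 on eth0.
```

Run the printed `ssh` command in one terminal and the printed viewer command in another.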