[wplug] iptables, port forwarding and vnc.

Wise, Jeremey jeremey.wise at agilysys.com
Thu Mar 11 08:07:12 EST 2004


On a side note, VNC does encrypt passwords. I would like to see how you
tunnel the vnc session through ssh. The reason is that I would like something similar
for RVID access to XP systems which have their own terminal services.

-----Original Message-----
From: wplug-admin at wplug.org [mailto:wplug-admin at wplug.org] On Behalf Of
Brandon Kuczenski
Sent: Wednesday, March 03, 2004 10:20 PM
To: western PA LUG
Subject: Re: [wplug] iptables, port forwarding and vnc.

On Wed, 3 Mar 2004, John Harrold wrote:

> i'm trying to forward ports on our gateway running linux to the windows
> machine so that someone running vnc from the outside can use it.
>
>    External Interface:  eth0
>    Internal Interface:  eth1
>
>  IPTABLES="/sbin/iptables"     # path to the iptables binary, used below
>  PSERVER="123.123.123.123"     # external interface eth0
>  PGW="192.168.0.1"             # internal interface eth1
>  LOCNET="192.168.0.0/24"
>  WINDOWS="192.168.0.3"         # windows machine
>
>  # so i have the following to forward ports 5800 and 5900 which i read vnc uses
>  # i read that the following would forward the ports i need.
>
>  # the kernel must be allowed to route packets between eth0 and eth1 at all
>  echo 1 > /proc/sys/net/ipv4/ip_forward
>
>  # rewrite the destination of new connections arriving on eth0, then let them cross to eth1
>  $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d $PSERVER --dport 5800 -j DNAT --to-destination $WINDOWS:5800
>  $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5800 -m state --state NEW -j ACCEPT
>  $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --sport 1024:65535 -d $PSERVER --dport 5900 -j DNAT --to-destination $WINDOWS:5900
>  $IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp --sport 1024:65535 -d $WINDOWS --dport 5900 -m state --state NEW -j ACCEPT
>
>  # replies from the windows machine belong to the same connections and also need to be forwarded
>  $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>  this doesn't seem to be working, since i'm not too swift at this kind of
>  thing does anyone see any problems with this?
>

On a security note, mightn't it be wiser to tunnel the connection through 
SSH, instead?  I'm not sure if VNC encrypts passwords or not.  It would 
sure suck to give the world a cleartext password to control your machine.

That's what I do, so my only responsive ports are 22, 25, and 80.

-Brandon
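The tunnel Brandon describes and Jeremey asks about, as an added example that is not code from anyone in the thread: the viewer talks to an SSH listener on its own loopback, sshd on the gateway carries the session over TCP 22, and the gateway connects to the Windows VNC server on the LAN, so the DNAT rules for 5800/5900 in John's script become unnecessary. The gateway and Windows addresses are the ones from John's post; the account name `user`, the local display number 1 (port 5901) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: reach the VNC server on the
# internal Windows machine through an SSH tunnel to the gateway, instead of
# DNATting TCP 5900 from the Internet into the LAN. Gateway and Windows
# addresses are from John's post; SSHUSER and the local display are assumed.

GATEWAY="123.123.123.123"   # public address of eth0 (PSERVER in the post)
WINDOWS="192.168.0.3"       # VNC server on the LAN
SSHUSER="user"              # assumed account on the gateway
WINDISPLAY=0                # VNC display on the Windows box (port 5900 + display)
LOCALDISPLAY=1              # display the viewer connects to on 127.0.0.1 (port 5901)

# VNC listens on 5900 + display number; a viewer's "host:N" means the same port.
display_to_port() {
    echo $((5900 + $1))
}

# Accept only integers 1..65535 as ports before putting them into a command line.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the ssh command. -L binds the listener to 127.0.0.1 only, so other
# hosts cannot use the tunnel; -N asks for no remote shell. sshd on the
# gateway (TCP 22, the one port Brandon leaves open) is the only service the
# Internet sees; VNC traffic is in the clear only on the LAN segment between
# the gateway and the Windows machine.
tunnel_cmd() {
    lport=$(display_to_port "$LOCALDISPLAY")
    rport=$(display_to_port "$WINDISPLAY")
    valid_port "$lport" && valid_port "$rport" || {
        echo "invalid port: local=$lport remote=$rport" >&2
        return 1
    }
    printf 'ssh -N -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$lport" "$WINDOWS" "$rport" "$SSHUSER" "$GATEWAY"
}

# Run the command printed by tunnel_cmd in one terminal, then point the
# viewer at the local end:  vncviewer 127.0.0.1:$LOCALDISPLAY
tunnel_cmd
```

With the tunnel in place the gateway's INPUT chain needs to accept TCP 22 from eth0 and nothing on 5800 or 5900, which is the state Brandon describes; the VNC password still crosses the LAN between the gateway and the Windows machine unencrypted, but it never crosses the Internet.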


_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
