Re: [suse-security] vnc masqueraded
Hi folks,
There's a tiny masqueraded LAN (192.168.0.0/24) behind a firewall (suse 73, Susefirewall2), standard configuration.
Task: Enable remote control of the internal computers via VNC.
The following already works:
(1) intern <-> intern (2) intern <-> firewall (3) extern <-> firewall (4) intern -> extern
The problem is (5) extern -> intern
(Currently I do a remote control of the firewall, which does a remote control of an internal computer, but that's pretty shitty.)
I do not know the right questions. Is it a firewall-, routing-, or masquerading-thingie? How do I address internal computers anyway?
You can do some port forwarding, e.g. $EXT_IP:$PORT1 -> $INT_IP01:5900 for each machine behind your wall.

check there4 in /etc/rc.config.d/firewall2.rc.config

# 14.)
# Which services accessed from the internet should be allowed to masqueraded
# servers (on the internal network or dmz)?
# REQUIRES: FW_ROUTE
#
# With this option you may allow access to e.g. your mailserver. The
# machines must be in a masqueraded segment and may not have public IP addesses
# Hint: if FW_DEV_MASQ is set to the external interface you have to set
# FW_FORWARD from internal to DMZ for the service as well to allow access
# from internal!
#
# Please note that this should *not* be used for security reasons! You are
# opening a hole to your precious internal network. If e.g. the webserver there
# is compromised - your full internal network is compromised!!
#
# Choice: leave empty (good choice!) or use the following explained syntax
# of forward masquerade rules, seperated each by a space.
# A forward masquerade rule consists of 1) source IP/net, 2) destination IP
# (dmz/intern), 3) a protocol (tcp/udp only!) and 4) destination port,
# seperated by a comma (","), e.g. "4.0.0.0/8,1.1.1.1,tcp,80"
# Optional is a port after the destination port, to redirect the request to
# a different destination port on the destination IP, e.g.
# "4.0.0.0/8,1.1.1.1,tcp,80,81"

Yours
Michael Appeldorn :O):_
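
An added example, not part of the original post or of SuSEfirewall2: a small lint for a forward-masquerade rule list in the syntax quoted above, flagging malformed rules and rules whose source is the whole internet. The function names, the admin address 203.0.113.10 and the two internal VNC hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint SuSEfirewall2 forward-masquerade rules before use.
# Rule syntax, from the quoted config comments:
#   source-net,dest-ip,proto,dest-port[,redirect-port]

is_port() {  # true if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_rule() {  # prints one verdict line (OK / WARN / BAD) for a single rule
    rule=$1
    old_ifs=$IFS; IFS=,
    set -- $rule            # split the rule on commas into $1..$n
    IFS=$old_ifs
    if [ $# -lt 4 ] || [ $# -gt 5 ]; then
        echo "BAD $rule: expected 4 or 5 comma-separated fields"; return 0
    fi
    # Without a fifth field the connection goes to the same port internally.
    src=$1 dst=$2 proto=$3 port=$4 redir=${5:-$4}
    case "$proto" in tcp|udp) ;; *)
        echo "BAD $rule: protocol must be tcp or udp"; return 0 ;; esac
    if ! is_port "$port" || ! is_port "$redir"; then
        echo "BAD $rule: port out of range"; return 0
    fi
    case "$src" in
        0/0|0.0.0.0/0)  # any source: the internal service faces the internet
            echo "WARN $rule: $dst:$redir reachable from any address" ;;
        *)  echo "OK $rule: $src -> firewall:$port -> $dst:$redir" ;;
    esac
}

check_rules() {  # lint a whole space-separated rule list
    for r in $1; do check_rule "$r"; done
}

# Constructed sample: one admin host may reach two internal VNC servers,
# each through its own external port on the firewall.
SAMPLE="203.0.113.10/32,192.168.0.11,tcp,5901,5900 203.0.113.10/32,192.168.0.12,tcp,5902,5900"
check_rules "$SAMPLE"
```

Restricting the source field to the address you administer from keeps the VNC ports from being exposed to every host on the internet, which is the risk the config comments warn about.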