![](https://seccdn.libravatar.org/avatar/bdb4850a3ca4134b3dea2f458ba531c1.jpg?s=120&d=mm&r=g)
The path to success was given by Michael Appeldorn and Mark Robinson: To firewall2.rc.config, simply add
FW_FORWARD_MASQ="0/0,192.168.0.<n>,tcp,590<n> 0/0,192.168.0.<n>,udp,590<n>"
and give the vnc-server of 192.168.0.<n> the display number <n> for each local ip ending in <n> for which you want to have vnc access from outside.
To remote control ip 192.168.0.3, e.g., issue "vncserver
:3" et viola! To get rid of those "0/0" null-restriction from outer space, I'm afraid, there's no way than that suggestion of Mark Ruth, though.
You have a nerve [0/0]. Is pretty insecure. Guess would be easy to sniff the vnc password and every guy with some ambitions will move the mouse only you should move remotly. Would suggest following simple way to make it more secure, also if you have a static ip you can bind. Find the position of the rules in /sbin/SuSEfirewall2 and modify this rules in order to check the MAC-Adresse of your remote machine. If you've further question how to, mail me. Michael Appeldorn.