Hi pls excuse my ignorance, very new to Linux!
2 x nics in suse 7 server routes adsl to win98/2000 boxes (ip masquerading) - works extremely well.
I want to use vnc for remote access. What do I need to set in the firewall.config? I entered what I thought was correct addresses but still no luck, the example in the file is not very clear to me.
I would be extremely grateful of any assistance
many thanks
Terry Reynolds
I.T. Manager
Security and reliability of e-mails are not guaranteed. We operate anti-virus programmes but you must take full responsibility for virus checking this e-mail (including all attachments). Action Express Group do not accept any liability in respect of any damage caused by any virus which is not detected.
What did you put in the config file?

On Thu, 2003-01-23 at 12:16, terry wrote:
Hi pls excuse my ignorance, very new to Linux!
2 x nics in suse 7 server routes adsl to win98/2000 boxes (ip masquerading) - works extremely well.
I want to use vnc for remote access. What do I need to set in the firewall.config? I entered what I thought was correct addresses but still no luck, the example in the file is not very clear to me.
I would be extremely grateful of any assistance many thanks
Terry Reynolds I.T. Manager
--
( Raymond Leach )
) Knowledge Factory (
( )
) Tel: +27 11 445 8100 (
( Fax: +27 11 445 8101 )
) (
( http://www.knowledgefactory.co.za/ )
) http://www.saptg.co.za/ (
Hi thanks for responding

i set router forwarding
the router is 192.168.9.1
5900/tcp 192.168.9.2 > this is the address of linux nic 1
linux nic 2 = 192.168.29.230

then below, i set

FW_FORWARD_TCP="0.0.0.0/0,192.168.29.50,0" # Beware to use this!

because i was told that
0.0.0.0/0 = any incoming address
192.168 etc add of win98 box to connect to
0=display number for vnc

I then tried

FW_FORWARD_TCP="219.nnn.nnn.nnn/24,192.168.29.50,0" # Beware to use this!

where 212.nnn.nnn.nnn/24 is the address of the router as supplied by my IP.
& I think the /24 relates to 255.255.255.0

Where am I going wrong please?
also are there other settings in the firewall which need to be set to yes???

thanks again
terry

# 13.)
# Which services accessed from the internet should be allowed to the
# dmz (or internal network - if it is not masqueraded)?
# REQUIRES: FW_ROUTE
#
# With this option you may allow access to e.g. your mailserver. The
# machines must have valid, non-private, IP addresses which were assigned to
# you by your ISP. This opens a direct link to your network, so only use
# this option for access to your dmz!!!!
#
# Choice: leave empty (good choice!) or use the following explained syntax
# of forwarding rules, seperated each by a space.
# A forwarding rule consists of 1) source IP/net, 2) destination IP (dmz/intern
# and 3) destination port, seperated by a comma (","), e.g.
# "4.0.0.0/8,1.1.1.1,22",
# "4.4.4.4/12,20.20.20.20,22 12.12.12.12/12,20.20.20.20,22"
#
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
#

----- Original Message -----
From: "Raymond Leach" <raymondl@knowledgefactory.co.za>
To: "SuSE Security" <suse-security@suse.com>
Sent: Thursday, January 23, 2003 10:19 AM
Subject: Re: [suse-security] firewall and port forwarding
one thing seems to be that you mix private addresses into a configuration part for real, valid addresses - at least that's what I read in the explanation: "... must have real valid (internet) addresses ..."

so look along this line I think: you connect from outside to your router (official ipaddress) and there portforward to a private (internal) address that gets nat'ted

hth

=====
Mit freundlichen Gruessen
Patrick Thempel
mail:patrick_thempel@yahoo.com
Hi, On Thu, Jan 23, 2003 at 11:35:33AM -0000, terry wrote:
Hi thanks for responding
i set router forwarding
the router is 192.168.9.1
5900/tcp 192.168.9.2 > this is the address of linux nic 1
linux nic 2 = 192.168.29.230
then below, i set
FW_FORWARD_TCP="0.0.0.0/0,192.168.29.50,0" # Beware to use this!
because i was told that
0.0.0.0/0 = any incoming address
192.168 etc add of win98 box to connect to
0=display number for vnc
[...]
display number 0 is not port number 0!
For display number 0 you need to use port 5900
For display number 1 you need to use port 5901
and so on...
(If you want to get the Java Client over HTTP you also need port 5800)
& I think the /24 relates to 255.255.255.0
correct.

HTH
regards,
Armin
--
Armin Kohl
MULTA MEDIO Informationssysteme AG
email: akohl@multamedio.de
Tel: +49-(0)931-79717-18
Fax: +49-(0)931-79717-30
Mergentheimer Str. 76a
97082 Würzburg
http://www.multamedio.de
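
An added example, not part of the thread and not code from SuSE's firewall script: a small Python check that applies the "source,destination,port" rule syntax from the quoted config comment and the display-to-port mapping given in the reply above. The function names are assumptions made for this illustration, and the sample values in the demo are the ones posted in the thread plus one of the config file's own examples.

```python
import ipaddress

VNC_BASE_PORT = 5900       # display N listens on 5900 + N
VNC_HTTP_BASE_PORT = 5800  # Java client over HTTP on 5800 + N


def vnc_ports(display):
    """Return (vnc_port, http_port) for a VNC display number."""
    if display < 0:
        raise ValueError("display number must be >= 0")
    return VNC_BASE_PORT + display, VNC_HTTP_BASE_PORT + display


def check_forward_rules(value):
    """Check a FW_FORWARD_TCP/UDP value; return [(rule, [findings]), ...]."""
    report = []
    for rule in value.split():          # rules are separated by spaces
        parts = rule.split(",")         # fields are separated by commas
        if len(parts) != 3:
            report.append((rule, ["expected source,destination,port"]))
            continue
        source, dest, port = parts
        findings = []
        try:
            if ipaddress.ip_network(source, strict=False).prefixlen == 0:
                findings.append("source matches any address")
        except ValueError:
            findings.append("source is not an IP or network")
        try:
            # The config comment requires valid, non-private destinations.
            if ipaddress.ip_address(dest).is_private:
                findings.append("destination is a private address")
        except ValueError:
            findings.append("destination is not an IP address")
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            findings.append("port must be 1-65535")
        report.append((rule, findings))
    return report


if __name__ == "__main__":
    # First rule is the one posted in the thread; second is from the config comment.
    sample = "0.0.0.0/0,192.168.29.50,0 4.0.0.0/8,1.1.1.1,22"
    for rule, findings in check_forward_rules(sample):
        print(rule, "->", findings or "ok")
    print("display 0 ports:", vnc_ports(0))
```
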