Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] vnc masqueraded
  • From: Mark Robinson <mcr@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 16 Jan 2002 11:35:57 +0000
  • Message-id: <1291029407990.20020116113557@xxxxxxxxxxxxxxxxxxxxx>
Hello Jens,

Wednesday, 16 January 2002, you wrote:

JW> Hi folks,

JW> there's a tiny masqueraded lan (192.168.0.0/24) behind a firewall (suse
JW> 73, Susefirewall2), standard-configuration.

JW> Task: Enable remote control of the internal computers via VNC.

JW> The following already works:

JW> (1) intern <-> intern
JW> (2) intern <-> firewall
JW> (3) extern <-> firewall
(4) intern ->> extern

JW> The problem is (5) extern -> intern

JW> (currently i do a remote control of the firewall, which does a remote
JW> control of an internal computer, but that's pretty shitty)

JW> I do not know the right questions. Is it a firewall-, routing-, or
JW> masquerading-thingie? How do I address internal computers anyway?

In the earlier version of SuSEfirewall it was section 14 of
/etc/rc.config.d/firewall.rc.config You needed to set up the
FW_FORWARD_MASQ_TCP variable. The only problem seems to be that you'll
have 1 publicly visible IP addess/vnc port combination, which won't
allow you to connect to multiple internal vnc servers. However, if you
can make vnc listen on a different port (5902, 5903) on each internal
machine it might just work... You should then be able to connect to
real_ip:2 real_ip:3 etc...

I'd be interested to hear how you get on...
Mark


< Previous Next >
References