RealVNC
Calvin Lane
calvin.lane at gmail.com
Mon May 9 16:33:22 PDT 2005
Hello Karan,
I have RealVNC going through a number of BSD firewalls/gateways. Most of my
BSD boxes are 4.9 or 4.10. I'm using ipfilter as my firewall. Here is what I
do:
in ipnat.rules
rdr xl0 xxx.xxx.xxx.xxx/32 port 5800 -> 192.168.0.12 port 5800
rdr xl0 xxx.xxx.xxx.xxx/32 port 5900 -> 192.168.0.12 port 5900
in ipf.rules
pass in quick on xl0 proto tcp from any to any port = 5800 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 5900 flags S keep state keep frags
These are the only lines that I use to connect to internal machines on VNC
through my firewall. Let me know how this works for you.
Calvin Lane
calvin.lane at gmail.com
On 5/9/05, Karan Gupta <kgupta at edgefocus.com> wrote:
>
> Need help..have gone through google/docs but am still confused.
> I'm running,
>
> FreeBSD aaa.bbb.com 4.9-RELEASE FreeBSD 4.9-RELEASE#4:
> aaa.bbb.com:/usr/src/sys/compile/GENERIC i386
>
> It's acting as a router running NAT, IPFW and DHCP
>
> INTERNET<------>fBSD<------>x.x.x.x(win2k machine running RealVNC server
> on the local network, it has a static IP)
>
> a.a.a.a: is the ext_ip_fbsd
> x.x.x.1: is the int_ip_fsd
> x.x.x.x: Win2k on the local network running RealVNC server
>
> I want to connect to the win2k machine from the internet.
> I have natd.conf with
> same_port yes
> redirect_port tcp x.x.x.x:5800-5900 a.a.a.a:5800-5900
> redirect_port udp x.x.x.x:5800-5900 a.a.a.a:5800-5900
>
> ###ipfw with#####
> ipfw -f flush
> ##### rl0 is the ext interface #####
> /sbin/natd -interface rl0 -s
> ipfw add 999 divert natd all from any to any via rl0
>
> I can get on the internet just fine, can ssh to the fBSD from the outside
> as well.
> Here's the nmap output,
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 443/tcp open https
> 587/tcp open submission
>
> I guess I need to open the ports on the firewall....nothing that I tried
> worked.
>
> Any suggestions?
>
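Added example, not part of the original message or thread: the ipf.rules lines in the reply admit any source address to ports 5800 and 5900, so this Python sketch audits a rule file for pass-in rules of that shape. The sample rules beyond the reply's two, the 203.0.113.0/24 source (a documentation range) and the VNC port set are constructed assumptions; only single-port `port =` / `port eq` matches are parsed.

```python
import re

# Constructed sample: the reply's two rules plus constructed comparison rules.
# 203.0.113.0/24 is a documentation range standing in for a trusted network.
SAMPLE_RULES = """\
pass in quick on xl0 proto tcp from any to any port = 5800 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 5900 flags S keep state keep frags
pass in quick on xl0 proto tcp from 203.0.113.0/24 to any port = 5900 flags S keep state
# remote admin
block in quick on xl0 proto tcp from any to any port = 5901
pass in quick on xl0 proto tcp from any to any port = 22 flags S keep state
"""

# Assumption: displays 0-9, i.e. 5800-5809 (HTTP viewer) and 5900-5909 (RFB).
VNC_PORTS = set(range(5800, 5810)) | set(range(5900, 5910))

# Matches "pass in ... from SRC to DST port = N" (or "port eq N").
# Port ranges and source-port clauses are not handled in this sketch.
RULE_RE = re.compile(
    r"^pass\s+in\b.*?\bfrom\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"\s+port\s*(?:=|eq)\s*(?P<port>\d+)"
)


def audit(rules_text):
    """Return (line_no, port, rule) for pass-in rules open to any source on a VNC port."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()  # drop comments
        m = RULE_RE.match(rule)
        if not m:
            continue
        port = int(m.group("port"))
        if m.group("src") == "any" and port in VNC_PORTS:
            findings.append((line_no, port, rule))
    return findings


if __name__ == "__main__":
    for line_no, port, rule in audit(SAMPLE_RULES):
        print(f"line {line_no}: port {port} reachable from any source: {rule}")
```

On the constructed sample it reports the two rules from the reply and skips the source-restricted rule, the block rule and the SSH rule.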