RealVNC

Calvin Lane calvin.lane at gmail.com
Mon May 9 16:33:22 PDT 2005


Hello Karan,
 I have RealVNC going through a number of BSD firewalls/gateways. Most of my 
BSD boxes are 4.9 or 4.10. I'm using ipfilter as my firewall. Here is what I 
do:
 In ipnat.rules:
rdr xl0 xxx.xxx.xxx.xxx/32 port 5800 -> 192.168.0.12 port 5800
rdr xl0 xxx.xxx.xxx.xxx/32 port 5900 -> 192.168.0.12 port 5900
 In ipf.rules:
pass in quick on xl0 proto tcp from any to any port = 5800 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 5900 flags S keep state keep frags
 These are the only lines that I use to connect to internal machines on VNC 
through my firewall. Let me know how this works for you.
 Calvin Lane
calvin.lane at gmail.com
  

 On 5/9/05, Karan Gupta <kgupta at edgefocus.com> wrote: 
> 
> Need help. I have gone through Google/docs but am still confused.
> I'm running,
> 
> FreeBSD aaa.bbb.com 4.9-RELEASE FreeBSD 4.9-RELEASE#4: 
> aaa.bbb.com:/usr/src/sys/compile/GENERIC i386
> 
> It's acting as a router running NAT, IPFW and DHCP
> 
> INTERNET<------>fBSD<------>x.x.x.x(win2k machine running RealVNC server 
> on the local network, it has a static IP)
> 
> a.a.a.a: is the ext_ip_fbsd
> x.x.x.1: is the int_ip_fsd
> x.x.x.x: Win2k on the local network running RealVNC server
> 
> I want to connect to the win2k machine from the internet.
> I have natd.conf with
> same_port yes
> redirect_port tcp x.x.x.x:5800-5900 a.a.a.a:5800-5900
> redirect_port udp x.x.x.x:5800-5900 a.a.a.a:5800-5900
> 
> ###ipfw with#####
> ipfw -f flush
> ##### rl0 is the ext interface #####
> /sbin/natd -interface rl0 -s
> ipfw add 999 divert natd all from any to any via rl0
> 
> I can get on the internet just fine, can ssh to the fBSD from the outside 
> as well.
> Here's the nmap output,
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 443/tcp open https
> 587/tcp open submission
> 
> I guess I need to open the ports on the firewall... nothing that I tried 
> worked.
> 
> Any suggestions?
>
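
An added example, not part of either message above: a short Python check that reads rules in the ipf.rules form shown in the reply and lists the active `pass in` rules that let any source address reach a VNC port. The function name, the port set (displays :0 to :9) and the sample rules are assumptions made for this example, and only the `port = N` form used in the message is parsed.

```python
import re

# Constructed sample: the two ipf.rules lines from the reply, one rule limited
# to a single source (198.51.100.7 is a documentation address), one commented
# out rule and a default block.
SAMPLE_RULES = """\
pass in quick on xl0 proto tcp from any to any port = 5800 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 5900 flags S keep state keep frags
pass in quick on xl0 proto tcp from 198.51.100.7/32 to any port = 5900 flags S keep state
# pass in quick on xl0 proto tcp from any to any port = 5901 flags S keep state
block in on xl0 all
"""

# Assumption: VNC displays :0 to :9 (5900+N) and their HTTP viewers (5800+N).
VNC_PORTS = set(range(5800, 5810)) | set(range(5900, 5910))
ANY_SOURCE = {"any", "0.0.0.0/0"}

# Matches "pass in ... on IFC ... from SRC to DST port = N".
RULE = re.compile(
    r"^pass\s+in\b.*?\bon\s+(?P<ifc>\S+).*?\bfrom\s+(?P<src>\S+)"
    r"\s+to\s+(?P<dst>\S+)\s+port\s+=\s+(?P<port>\d+)"
)


def open_vnc_rules(text, ports=VNC_PORTS):
    """Return (line_no, interface, port) for each active rule that passes
    a VNC port inbound from an unrestricted source."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        rule = line.split("#", 1)[0].strip()  # drop comments
        m = RULE.match(rule)
        if m and m["src"] in ANY_SOURCE and int(m["port"]) in ports:
            findings.append((line_no, m["ifc"], int(m["port"])))
    return findings


if __name__ == "__main__":
    for line_no, ifc, port in open_vnc_rules(SAMPLE_RULES):
        print(f"line {line_no}: port {port} open to any source on {ifc}")
```
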

