Re: Is it possible to use VNC through masquerading firewall?
On Sat, 15 Sep 2001, Christian Schlettig wrote:
> Hello group,
> the following scenario:
> INET --ADSL|-- LINUX -- INTERNAL LAN
> 1.1 1.x
> i'm using debian 2.2r3 with kernel 2.2.19 for
> the linux router. The internal lan has one
> linux clients and 5 win95 clients. the router
> acts as a email server and www proxy no other
> services are used yet. I've installed VNC on
> the clients and would like to remote
> administrate them if the users ask for it and
> turn VNC on.
> My question is whether it is possible to
> initiate a VNC Connection from the inet to one
> specific client in the internal LAN. Can i
> configure VNC to use different ports on the
> clients and then portforward them to the
> internal client?
Yes, it is easy to forward ports through a firewall using ipmasqadm. For
example the following command forwards port 80 to (some) internal host
/usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.1.1 http -R x.x.1.x http
use Xvnc -help to see how you can change the ports VNC listens on... It
looks like there are a few options. You specify which port the client
connects to by the display number:
vncviewer localhost:1 (port 5901)
vncviewer localhost:2 (port 5902)
vncviewer localhost:-50 (port 5850)
I believe there is a limit on these port numbers (I tried connecting to a
server on port 20000 and it didn't work)...