[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is it possible to use VNC through masquerading firewall?



Christian,

On Sat, 15 Sep 2001, Christian Schlettig wrote:

> Hello group,
>
> the following scenario:
>
> INET --ADSL|-- LINUX -- INTERNAL LAN
>                 1.1        1.x
>
> i'm using debian 2.2r3 with kernel 2.2.19 for
> the linux router. The internal lan has one
> linux clients and 5 win95 clients. the router
> acts as a email server and www proxy no other
> services are used yet. I've installed VNC on
> the clients and would like to remote
> administrate them if the users ask for it and
> turn VNC on.
>

> My question is whether it is possible to
> initiate a VNC Connection from the inet to one
> specific client in the internal LAN. Can i
> configure VNC to use different ports on the
> clients and then portforward them to the
> internal client?

Yes, it is easy to forward ports through a firewall using ipmasqadm. For
example the following command forwards port 80 to (some) internal host

/usr/sbin/ipmasqadm portfw -a -P tcp -L x.x.1.1 http -R x.x.1.x http

use Xvnc -help to see how you can change the ports VNC listens on... It
looks like there are a few options. You specify which port the client
connects to by the display number:

  vncviewer localhost:1    (port 5901)
  vncviewer localhost:2    (port 5902)
  vncviewer localhost:-50  (port 5850)

I believe there is a limit on these port numbers (I tried connecting to a
server on port 20000 and it didn't work)...

Good luck!

Roger



Reply to: