On Mon, 25 Aug 2003 13:51:37 -0500
"P. Kallakuri" <praveen@unlserve.unl.edu> wrote:
> vncviewers from other clients behind the firewall. but when i ssh to the
> gateway from localhost@some-internet-domain with the -L
> 5903:vncserver:5903 option and forward from the gateway to the vncserver
> using another ssh -L ..., i am not able to connect to the vncserver at
> port 5903 on localhost. with a RealVNC viewer, i get an error like
> "channel 2 or 4: administratively prohibited" and with TightVNC, i get
> just a connection failure. nmap output for the gateway after the port
> 5903 forwarding gives the same results as above. but for the vncserver
> behind the firewall, everything seems ok:

What does ssh -v tell you? Is it really setting up the port forward?

> secondly, how can i close the filtered ports?

Set them to REJECT instead of DROP. REJECT makes them look closed to
the outside world. DROP is a hint something is listening and just not
answering, hence filtered.

> i cannot find what process is keeping them. i know that i disabled ICMP
> requests on my gateway,

Ungh. Why? Why disable ICMP? I never figured that one out. Anything
goes wrong with that line and you'll need to remember to turn it back on so as
not to waste the tech's time. "Uh, I can't ping your machine, are you sure it
is plugged in?" "Oh, wait, hold on, I turned off that diagnostic tool."

--
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
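
Added example, not part of the original message: a small audit that reads rules in iptables-save format and predicts how a TCP SYN scan would label each port under the DROP and REJECT targets discussed above. A REJECT that answers with the default icmp-port-unreachable is still reported as filtered by scanners such as nmap; only --reject-with tcp-reset produces the RST that reads as closed. Assumptions: the rule set and port numbers are constructed, and each rule is judged in isolation (no rule ordering or chain policy is modelled).

```python
import shlex

# Constructed sample in iptables-save format; ports are illustrative only.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5901 -j DROP
-A INPUT -p tcp -m tcp --dport 5902 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 5903 -j REJECT --reject-with tcp-reset
COMMIT
"""


def opt(args, name, default=None):
    """Return the value following option `name`, or `default` if absent."""
    return args[args.index(name) + 1] if name in args else default


def scanner_view(rule):
    """Predict the SYN-scan state for one '-A INPUT ... --dport N' TCP rule."""
    args = shlex.split(rule)
    if opt(args, "-A") != "INPUT" or opt(args, "-p") != "tcp" or "--dport" not in args:
        return None  # table headers, COMMIT, non-TCP or port-less rules
    port, target = opt(args, "--dport"), opt(args, "-j")
    if target == "DROP":
        state = "filtered"  # the probe gets no answer at all
    elif target == "REJECT":
        # Only a TCP RST looks like a closed port; ICMP errors read as filtered.
        how = opt(args, "--reject-with", "icmp-port-unreachable")
        state = "closed" if how == "tcp-reset" else "filtered"
    elif target == "ACCEPT":
        state = "open-or-closed"  # depends on whether a service is listening
    else:
        return None
    return port, target, state


def audit(ruleset_text):
    """Return (port, target, predicted state) for every matching rule."""
    return [v for line in ruleset_text.splitlines() if (v := scanner_view(line))]


if __name__ == "__main__":
    for port, target, state in audit(SAMPLE_RULES):
        print(f"tcp/{port:<6} {target:<7} -> {state}")
```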