[Firehol-support] Port forwarding a VNC connection

Marcus Williams marcus at quintic.co.uk
Tue Nov 8 12:07:06 CET 2005


Hi -

I want to forward an external vnc connection to an internal machine 
through firehol. I've tried adding:

dnat to 192.168.202.3:5900 inface eth1 proto tcp dport 5900

where 192.168.202.3 is the internal machine and eth1 is our ADSL router 
interface. Connections are getting passed inwards but then they fail.

If I try

dnat to 192.168.202.3:5900 inface eth0 proto tcp dport 5900

so I can test it internally, all I see in the logs is:

PASS-unknown:IN=eth0 OUT=eth0 SRC=192.168.202.155 DST=192.168.202.3 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=11560 DF PROTO=TCP SPT=2886 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0

Which looks wrong (where's the -unknown come from?)

My (non-forwarding) conf file is:

version 5

# The network of our eth0 LAN.
home_ips="192.168.202.0/24"

interface eth0 dhcp
   policy return
   server dhcp accept

interface eth0 home src "${home_ips}"
   policy reject
   server "dns ssh icmp" accept
   client "dns icmp" accept

interface eth1 internet src not "${home_ips} ${UNROUTABLE_IPS}"
   server ident reject with tcp-reset
   client all accept

router internet2home inface eth1 outface eth0
   masquerade reverse
   client all accept
   server ident reject with tcp-reset

-- 
Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK
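An added example, not from the original post or from the FireHOL project, showing the configuration in the post extended so that the forwarded VNC traffic is actually accepted. In FireHOL, dnat only rewrites the destination of the packet in the nat table; the rewritten packet is then forwarded eth1 -> eth0 and must still be accepted by a router matching that inface/outface pair, otherwise it falls through to FireHOL's default logging, where PASS is the FORWARD chain and "unknown" means no interface or router definition matched the packet. The internal test with inface eth0 produces IN=eth0 OUT=eth0, a pair no router in the file covers, which is why the log shows PASS-unknown. The names vnc_host and vnc_admin_ips, the custom service name vnc, and the range 203.0.113.0/24 (a placeholder for the external addresses that should be allowed to reach the VNC port) are assumptions made for this example.

```firehol
version 5

# The network of our eth0 LAN, the VNC host being exposed (both from the
# post), and a constructed placeholder for the external range allowed in.
home_ips="192.168.202.0/24"
vnc_host="192.168.202.3"
vnc_admin_ips="203.0.113.0/24"

# Rewrite the destination of tcp/5900 arriving on the ADSL interface to the
# internal host. The src parameter keeps tcp/5900 off the open internet;
# remove it to accept connections from any source.
dnat to "${vnc_host}:5900" inface eth1 proto tcp dport 5900 src "${vnc_admin_ips}"

interface eth0 dhcp
   policy return
   server dhcp accept

interface eth0 home src "${home_ips}"
   policy reject
   server "dns ssh icmp" accept
   client "dns icmp" accept

interface eth1 internet src not "${home_ips} ${UNROUTABLE_IPS}"
   server ident reject with tcp-reset
   client all accept

router internet2home inface eth1 outface eth0
   masquerade reverse
   client all accept
   server ident reject with tcp-reset
   # After DNAT the packet is forwarded eth1 -> eth0 with DST=192.168.202.3.
   # dnat itself accepts nothing, so the router has to allow it here.
   server custom vnc tcp/5900 default accept dst "${vnc_host}" src "${vnc_admin_ips}"
```

Testing from the LAN side with inface eth0 is a separate case: the packet is forwarded eth0 -> eth0, so it needs its own router for that interface pair, and because the reply from 192.168.202.3 would otherwise go straight back to the LAN client without passing through the firewall, that router also needs source NAT (masquerade) for the connection to complete. The example above deliberately covers only the external path described in the post.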
