[Firehol-support] dnat for vnc
Goetz Bock
bock at blacknet.de
Wed May 10 12:25:43 BST 2006
On Wed, May 10 '06 at 15:17, Stefan Sobernig wrote:
> dnat to <C>:5900 proto tcp dport 5900 log "forwarding vnc packs"
> router np2p inface eth0 outface eth0
> route vnc accept dst <C> log "got vnc packs"
>
> When applying these commands / rules, I end up with proper forwarding
> behaviour:
>
> The problem, however, is that the forwarded packets never reach the
> target, i.e. machine C, as they are blocked due to their source address
> that remains <A>, indicating their origin from an unprotected zone
> (considering the network setup of my organisation).
So, you must also snat the connection:

    snat to <B>:5900 proto tcp dport 5900 dst <C>
--
Goetz Bock (c) 2006 as blacknet.de - Munich - Germany /"\
IT Consultant Creative Commons secure mobile Linux everNETting \ /
X
ASCII Ribbon Campaign against HTML email & microsoft attachments / \
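
Added example, not part of the original post and not FireHOL code: a small Python model of the path discussed in this thread, showing why machine C drops the forwarded VNC packet while its source is still <A>, and how the reply is translated back once B also rewrites the source. The addresses, the client port and C's "protected zone" filter are constructed assumptions standing in for <A>, <B> and <C>.

```python
import ipaddress

# Constructed sample addresses (documentation ranges) standing in for <A>, <B>, <C>.
A, B, C = "198.51.100.10", "192.0.2.1", "192.0.2.20"
PROTECTED = ipaddress.ip_network("192.0.2.0/24")  # assumed zone that C trusts


class Router:
    """Minimal model of B: DNAT on the way in, optional SNAT on the way out."""

    def __init__(self, use_snat):
        self.use_snat = use_snat
        self.conntrack = {}  # translated (src, sport, dst, dport) -> original tuple
        self.log = []        # B is the only place that sees the real client address

    def forward(self, pkt):
        src, sport, dst, dport = pkt
        if dst != B or dport != 5900:
            return None                      # not the forwarded VNC service
        self.log.append(src)
        out = (B if self.use_snat else src, sport, C, 5900)
        self.conntrack[out] = pkt            # remember how to undo the rewrite
        return out

    def reverse(self, reply):
        """Undo the translation for a reply packet coming back from C."""
        src, sport, dst, dport = reply
        orig = self.conntrack.get((dst, dport, src, sport))
        if orig is None:
            return None                      # no matching connection: drop
        o_src, o_sport, o_dst, o_dport = orig
        return (o_dst, o_dport, o_src, o_sport)


def host_c_accepts(pkt):
    """C's filter (assumed): accept only sources inside the protected zone."""
    return ipaddress.ip_address(pkt[0]) in PROTECTED


def connect(use_snat):
    """Send one VNC packet from A to B:5900 and report what C and A observe."""
    router = Router(use_snat)
    seen = router.forward((A, 40000, B, 5900))
    result = {"accepted": host_c_accepts(seen), "src_seen_by_c": seen[0],
              "reply": None, "router_log": router.log}
    if result["accepted"]:
        result["reply"] = router.reverse((C, 5900, seen[0], seen[1]))
    return result
```

With the source rewrite in place, C only ever sees B as the peer, so the real client address is recorded only where B logs the forwarded connection (the `log` option on the dnat line above).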