[Firehol-support] dnat for vnc

Goetz Bock bock at blacknet.de
Wed May 10 12:25:43 BST 2006

On Wed, May 10 '06 at 15:17, Stefan Sobernig wrote:
> dnat to <C>:5900 proto tcp dport 5900 log "forwarding vnc packs"
> router np2p inface eth0 outface eth0
>         route vnc accept dst <C> log "got vnc packs"
> When applying these commands / rules, I end up with proper forwarding
> behaviour:
> The problem, however, is that the forwarded packets never reach the
> target, i.e. machine C, as they are blocked due to their source address
> that remains <A>, indicating their origin from an unprotected zone
> (considering the network setup of my organisation).
So, you must also snat the connection

snat to <B>:5900 proto tcp dport 5900 dst <C>
Goetz Bock       (c) 2006 as     blacknet.de - Munich - Germany   /"\
IT Consultant  Creative Commons  secure mobile Linux everNETting  \ /
 ASCII Ribbon Campaign against HTML email & microsoft attachments / \

More information about the Firehol-support mailing list