On Wed, 27 Aug 2003 19:17:48 -0500
Steve Buehler <[EMAIL PROTECTED]> wrote:

> I am REAL new to iptables.  I installed RedHat 9 with the firewall set on 
> "High".  The firewall only allows things like http, ftp, smtp and 
> domain.  How can I open up the firewall so that I can open it up for VNC 
> connections to the server?  I presume that you use iptables, but I haven't 
> been able to get the right setup for it.  Right now my iptables look like this:
> ======================
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Lokkit-0-50-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http 
> flags:SYN,RST,ACK/SYN
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp 
> flags:SYN,RST,ACK/SYN
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp 
> flags:SYN,RST,ACK/SYN
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     udp  --  0.0.0.0              anywhere           udp spt:domain
> ACCEPT     udp  --  mydnsservername.com    anywhere           udp spt:domain
> REJECT     tcp  --  anywhere             anywhere           tcp 
> flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> REJECT     udp  --  anywhere             anywhere           udp reject-with 
> icmp-port-unreachable
> =======================
> 
> I have two LAN cards in the machine.  eth0 is for the WAN and eth1 is 
> trusted in the firewall for the LAN.  So I can use VNC on the LAN, but 
> can't connect to it on the external IP on the WAN.  I have done some 
> searching and found the following lines to add, but they don't seem to open 
> it up for me unless there is something that I have to do after entering 
> these at the command line to make them work.
> 
> iptables -A INPUT -p tcp --sport 5801 -j ACCEPT
> iptables -A INPUT -p tcp --sport 5901 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6001 -j ACCEPT
> 
> 

Hi Steve,

    Try changing the "-A" to "-I" in each of the above 
commands so that these rules fire before the Lokkit
rules.

    Also, the --sport looks wrong to me; to my 
eye it should be --dport, so try that change too
if the above idea alone doesn't work.

Good Luck,
Sean


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
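Putting Sean's two suggestions together, plus the step Steve suspected was missing (the rules entered at the command line are not saved, so they vanish when the iptables service restarts): the script below is an added example, not part of the original thread. It generates the rules for VNC display :1 (5901 is the RFB port, 5801 the built-in HTTP viewer port; 6001 from Steve's list is the X server socket for display :1, which remote VNC viewers do not connect to), inserts them at the head of INPUT so they are evaluated before the jump to RH-Lokkit-0-50-INPUT and its final REJECT rules, matches with --dport rather than --sport, and limits the hole to one trusted source address on the WAN interface. The interface name, ports and the trusted address are assumptions set as environment variables. Running it with no argument only prints the commands for review; `apply` runs them and then calls `service iptables save`, which on Red Hat 9 writes /etc/sysconfig/iptables so the rules survive a reboot.

```shell
#!/bin/sh
# Added example for the redhat-list VNC/iptables thread; not code from the
# original posts.  WAN_IF, TRUSTED_SRC and VNC_PORTS are assumptions.
WAN_IF="${WAN_IF:-eth0}"                      # assumed: eth0 faces the WAN
TRUSTED_SRC="${TRUSTED_SRC:-203.0.113.10}"    # assumed admin address (documentation range)
VNC_PORTS="${VNC_PORTS:-5901 5801}"           # display :1: RFB and HTTP/Java viewer

# Print the iptables commands that would be run.
# "-I INPUT <n>" inserts near the head of INPUT, ahead of the jump to
# RH-Lokkit-0-50-INPUT whose trailing REJECT rules would otherwise answer the SYN.
# "--dport" matches the port the client connects to; "--sport" (as in the
# original lines) would only match the client's random source port.
# "--syn" limits the rule to connection-opening packets, like the Lokkit rules.
vnc_rules() {
    pos=1
    for port in $VNC_PORTS; do
        printf 'iptables -I INPUT %d -i %s -s %s -p tcp --dport %s --syn -j ACCEPT\n' \
            "$pos" "$WAN_IF" "$TRUSTED_SRC" "$port"
        pos=$((pos + 1))
    done
}

# Number of rules that would be inserted (quick sanity check before applying).
vnc_rule_count() {
    vnc_rules | wc -l | tr -d ' '
}

# Apply the rules, then persist them to /etc/sysconfig/iptables so they are
# restored by "service iptables start".  Without the save step the rules only
# live in the running kernel and are gone after the next restart or reboot.
apply_vnc_rules() {
    vnc_rules | sh -e
    service iptables save
}

case "${1:-}" in
    apply) apply_vnc_rules ;;
    *)     vnc_rules ;;    # dry run: show the commands without touching the firewall
esac
```

Check the result with `iptables -L INPUT -n --line-numbers`: the two ACCEPT lines must appear above the line that jumps to RH-Lokkit-0-50-INPUT. Limiting the source address matters because VNC's own password authentication is weak and the session is unencrypted; if the admin address is not fixed, an SSH tunnel to 5901 is the safer way to reach the server from the WAN.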
