On Wednesday 24 January 2007 12:24, you wrote:
> I currently have no problems using sshd; it is not being blocked.
> Inbound connections to 22 are open.

Not sure if this will help with your problem, but the string I suggest below
is syntactically more accurate:

iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT

This assumes that the server is listening for connections on port 5901 at the
default iface.  However, if you are forwarding connections to port 5901 via
ssh then the firewall will not see incoming packets at ip_address:5901 (only
at localhost:5901).  Set up a couple of logging rules in the iptables to see
what's being dropped.

> Mick wrote:
> > On Tuesday 23 January 2007 17:48, David L White wrote:
> >> Hi,
> >>
> >> We are running a Redhat vncserver and trying to connect through a client
> >> XP over ssh port 22 using putty.  We just started having the connection
> >> problem the other day.  Previously, we had not had any problems before
> >> with this vncserver. The problem is Iptables. I can turn off Iptables
> >> and I can connect.  With Iptables started I get the 10060 error.  I have
> >> added "-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j
> >> ACCEPT" to Iptables thinking that it is a port issue, but this has not
> >> resolved the issue.
> >
> > It would not address the issue of trying to connect to port 22.  If
> > you're tunnelling VNC connections through ssh then Port 590* is only
> > relevant for connections listening on localhost:590* which is not
> > affected by iptables (unless configured to block connections to
> > localhost?!).  Have you allowed inbound connections to port 22?  (It
> > would be better to use another port number (higher than 1024) to connect
> > to sshd for the purpose of avoiding the large number of port scanners out
> > there which target port 22.)
> >
> >> We have other Redhat servers supporting vncserver
> >> and this configuration works fine without the need to open the VNC ports
> >> (590*) in Iptables.  As I mentioned earlier, Iptables was not a problem
> >> for this particular server up until two days ago. It would seem that
> >> something changed and I can not isolate this problem. Thanks. Dave
> >> _______________________________________________
> >> VNC-List mailing list
> >> VNC-List@realvnc.com
> >> To remove yourself from the list visit:
> >> http://www.realvnc.com/mailman/listinfo/vnc-list
> >
> > --
> > Regards,
> > Mick
> >

--
Regards,
Mick
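
Added example, not part of the original message: one way to set up the logging rule suggested above and summarise what it records. The chain name, rule position, log prefix, log path and sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Chain, rule position, prefix and log lines are assumptions.
LOG_PREFIX="IPT-DROP: "

# Insert a rate-limited LOG rule at position $2 of chain $1, directly in
# front of the chain's final DROP/REJECT rule. Find the position with:
#   iptables -L INPUT -n --line-numbers
# Needs root. Defined only; nothing here changes the firewall by itself.
add_log_rule() {
    chain=${1:-INPUT}
    pos=${2:?rule position required}
    iptables -I "$chain" "$pos" -m limit --limit 5/min \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
}

# Read syslog lines on stdin; print "count iface proto dport" for every
# packet that reached the LOG rule, most frequent first.
# Typical use (log path is an assumption): summarize_drops < /var/log/messages
summarize_drops() {
    grep -F "$LOG_PREFIX" | awk '
        {
            iface = "-"; proto = "-"; dport = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^IN=./)   iface = substr($i, 4)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dport = substr($i, 5)
            }
            n[iface " " proto " " dport]++
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample lines in the format the LOG target writes to syslog.
sample_log() {
    cat <<'EOF'
Jan 24 12:30:01 host kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=48 TTL=128 ID=101 DF PROTO=TCP SPT=1045 DPT=5901 SYN URGP=0
Jan 24 12:30:04 host kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=48 TTL=128 ID=102 DF PROTO=TCP SPT=1045 DPT=5901 SYN URGP=0
Jan 24 12:30:09 host kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.255 LEN=78 TTL=128 ID=7 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 24 12:30:11 host sshd[2211]: Accepted password for dave from 192.0.2.10 port 1044 ssh2
EOF
}
```

Entries with DPT=5901 arriving on the external interface would mean the viewer is connecting to the server's address directly instead of through the ssh tunnel, which is the distinction drawn in the message above.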
