VNC and PF
Hi.

I try to redirect VNC port in my LAN:

$ pfctl -s nat|grep 5900
rdr on tun0 inet proto tcp from any to any port = 59001 -> 192.168.0.10 port 5900

But I cannot connect with VNC-viewer to address 66.66.66.66:59001
(66.66.66.66 as my ext addr.).

Thanks for your help.

Best, Yuriy A. Dmitrishin.
Re: VNC and PF
On 16 April 2009 c. 14:25:38 Yuriy A. Dmitrishin wrote:
> Hi. I try to redirect VNC port in my LAN:
>
> $ pfctl -s nat|grep 5900
> rdr on tun0 inet proto tcp from any to any port = 59001 -> 192.168.0.10 port 5900
>
> But I cannot connect with VNC-viewer to address 66.66.66.66:59001
> (66.66.66.66 as my ext addr.).

0. dmesg IS ALWAYS REQUIRED.
1. Full pf.conf (or, better, pfctl -sa output).
2. ifconfig output.
3. route -n show output.

--
Best wishes, Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?
Re: VNC and PF
Here's another rule. It redirects port to Remote Administrator (like VNC):

# pfctl -s nat|grep 4899
rdr on tun0 inet proto tcp from any to any port = 54545 -> 192.168.0.246 port 4899

This redirection works fine. Putting a pass between rdr and on in my rule doesn't help.

Best, Yuriy A. Dmitrishin.
Re: VNC and PF
Looks like it's my mistake. This rule doesn't work when I'm connecting from my LAN, but only from ext. network.

Best, Yuriy A. Dmitrishin.
Re: VNC and PF
On 2009-04-16, Yuriy A. Dmitrishin dim3d...@art-fm.com.ua wrote:
> Looks like it's my mistake. This rule doesn't work when I'm connecting
> from my LAN, but only from ext. network.
>
> Best, Yuriy A. Dmitrishin.

http://www.openbsd.org/faq/pf/rdr.html#reflect
Re: VNC and PF
Yuriy A. Dmitrishin wrote:
> Looks like it's my mistake. This rule doesn't work when I'm connecting
> from my LAN, but only from ext. network.

Ah, then it's working properly.

From ext network; VNC should be run inside a tunnel since VNC sessions are not encrypted. VNC passwords are sent as plain text.
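
The LAN-side failure in this thread is the redirection-and-reflection case: the rdr rule is bound to tun0, so connections from LAN hosts to the external address never match it. The pf.conf fragment below is an added example, not taken from any message in the thread, showing one common way to handle it by pairing an rdr on the internal interface with a nat rule. It assumes the rdr/nat syntax of the pf release used in the thread; the interface name em0 and the network 192.168.0.0/24 are assumptions.

```pf
# Added example; em0 and 192.168.0.0/24 are assumed, not from the thread.
ext_if  = "tun0"
int_if  = "em0"              # hypothetical LAN interface
int_net = "192.168.0.0/24"   # assumed LAN network
vnc_srv = "192.168.0.10"

# Rule from the thread: matches only packets that arrive on tun0,
# which is why it works from outside but not from the LAN.
rdr on $ext_if inet proto tcp from any to any port 59001 \
        -> $vnc_srv port 5900

# Reflection: LAN clients that connect to the external address
# arrive on the internal interface, so redirect them there too.
rdr on $int_if inet proto tcp from $int_net to ($ext_if) port 59001 \
        -> $vnc_srv port 5900

# Without source translation the VNC host answers the LAN client
# directly from 192.168.0.10, and the client drops the reply because
# it expected one from the external address. Rewriting the source to
# the firewall's LAN address forces replies back through pf.
no nat on $int_if proto tcp from $int_if to $int_net
nat on $int_if inet proto tcp from $int_net to $vnc_srv port 5900 \
        -> $int_if

# The filter rules must still pass this traffic on $int_if.
```

Load-check the file with `pfctl -nf /etc/pf.conf` before applying it; `pfctl -s nat` should then list the additional rdr and nat rules.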