-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good morning,
We use VNC here to administer various machines, both here in the office
and at remote sites.  All I have done is to add to Charles's scripts in
network.conf and ipfilters.  I originally copied the section used for
the internal ssh server, then extended that for multiple entries.
Unfortunately I haven't had time to turn it into a walk list as I'm sure
it can be done and I would be interested to know how.

VNC connects on port 5900 so we blocked that in the silent deny section
and assigned our own high ports for use with VNC as follows:

- From network.conf
INTERN_VNC_SERVER0=192.168.2.30 # Internal VNC server to make available
EXTERN_VNC_PORT0=59613          # External port to use for internal VNC access
INTERN_VNC_SERVER1  .... Add more as necessary and don't forget to add
the corresponding sections to ipfilters.conf

- From ipfilters.conf
if [ -n "$INTERN_VNC_SERVER0" ] ; then
    if [ -n "$EXTERN_VNC_PORT0" ] ; then
        $IPMASQADM portfw -a -P tcp -L $EXTERN_IP $EXTERN_VNC_PORT0 \
            -R $INTERN_VNC_SERVER0 vnc
    else
        $IPMASQADM portfw -a -P tcp -L $EXTERN_IP vnc \
            -R $INTERN_VNC_SERVER0 vnc
    fi
fi

NOTE: I added vnc 5900/tcp to the services file in /etc and I have
allowed for the default port, 5900, to be used if an external port is
not specified for each machine.

I use the same arrangement to allow our users to access an internal VPN
server and a couple of development web servers.  We currently have 6
separate internal VNC servers which allow developers and system admins
to access their machines from home.

Andrew GRAY
System Administrator / Senior Technician
VQA Australasia

Phone :         (07) 3804 9822
Fax :   (07) 3807 8633
Mobile :        0418 734 078

 -----Original Message-----
From:   [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]  On Behalf Of Henning, Brian
Sent:   Thu, 21 Mar 2002 04:52
To:     [EMAIL PROTECTED]
Subject:        [Leaf-user] vnc

Hello-
I am using LEAF with the echowall firewall package on a pentium 1.  This
router/firewall serves my two Windows machines. I set up echowall to access
a vnc server on one of my local machines, but I am not sure how to set up
the router/firewall to allow vnc to be accessible on multiple local
machines. I am pretty sure I have to have separate ports for each, but I am
not sure how I go about the setup. Can anyone give me a hand? Thanks!

Brian

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPJkcfSfv/7x7n0CPEQIaGwCg76VONelrue1Ch34eRt24uqNAT5wAoMdN
VSsiWGAHvUP+4Q3z/svmsMQe
=oxCG
-----END PGP SIGNATURE-----
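
Andrew's message asks how the per-server block in ipfilters.conf could be turned into a loop. One way to do it, as an added example that is not part of the original thread or of the LEAF scripts: the function names, the second and third servers, port 59614 and the EXTERN_IP value are constructed, and IPMASQADM defaults to an echo so the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: loop form of the per-server VNC block in ipfilters.conf.
# Constructed sample values; on the router these come from network.conf.
INTERN_VNC_SERVER0=192.168.2.30; EXTERN_VNC_PORT0=59613
INTERN_VNC_SERVER1=192.168.2.31; EXTERN_VNC_PORT1=59614
INTERN_VNC_SERVER2=192.168.2.32         # no external port: falls back to "vnc"
EXTERN_IP=${EXTERN_IP:-203.0.113.10}    # constructed address (documentation range)
IPMASQADM=${IPMASQADM:-echo ipmasqadm}  # dry run: print each rule, do not apply it

# valid_port PORT: succeed only for a decimal number in 1..65535.
valid_port () {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vnc_portfw_rules: walk INTERN_VNC_SERVER0, 1, 2, ... up to the first unset
# index and issue one portfw rule per server. Stops and returns 1 on a
# malformed port or on an external port that is already taken
# (assumption: each external port is meant to reach exactly one machine).
vnc_portfw_rules () {
    i=0
    seen=" "
    while : ; do
        eval "server=\${INTERN_VNC_SERVER$i:-}"
        eval "port=\${EXTERN_VNC_PORT$i:-}"
        [ -n "$server" ] || break
        if [ -z "$port" ] ; then
            port=vnc                    # same fallback as the original block
        elif ! valid_port "$port" ; then
            echo "EXTERN_VNC_PORT$i: invalid port '$port'" >&2
            return 1
        fi
        case "$seen" in
            *" $port "*) echo "external port $port used twice" >&2; return 1 ;;
        esac
        seen="$seen$port "
        $IPMASQADM portfw -a -P tcp -L "$EXTERN_IP" "$port" -R "$server" vnc
        i=$((i + 1))
    done
    return 0
}

vnc_portfw_rules
```

Because the loop stops at the first unset INTERN_VNC_SERVERn, the indexes in network.conf have to be contiguous starting at 0.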

