Good morning,

We use VNC here to administer various machines, both here in the office and at remote sites. All I have done is to add to Charles's scripts in network.conf and ipfilters. I originally copied the section used for the internal ssh server, then extended that for multiple entries. Unfortunately I haven't had time to turn it into a walk list as I'm sure it can be done and I would be interested to know how.

VNC connects on port 5900 so we blocked that in the silent deny section and assigned our own high ports for use with VNC as follows:

- From network.conf

    INTERN_VNC_SERVER0=192.168.2.30    # Internal VNC server to make available
    EXTERN_VNC_PORT0=59613             # External port to use for internal VNC access
    INTERN_VNC_SERVER1 ....

Add more as necessary and don't forget to add the corresponding sections to ipfilters.conf

- From ipfilters.conf

    if [ -n "$INTERN_VNC_SERVER0" ] ; then
        if [ -n "$EXTERN_VNC_PORT0" ] ; then
            # Forward the assigned external port to the internal VNC server
            $IPMASQADM portfw -a -P tcp -L $EXTERN_IP $EXTERN_VNC_PORT0 \
                -R $INTERN_VNC_SERVER0 vnc
        else
            # No external port assigned: forward the default VNC port
            $IPMASQADM portfw -a -P tcp -L $EXTERN_IP vnc \
                -R $INTERN_VNC_SERVER0 vnc
        fi
    fi

NOTE: I added vnc 5900/tcp to the services file in /etc and I have allowed for the default port, 5900, to be used if an external port is not specified for each machine.

I use the same arrangement to allow our users to access an internal VPN server and a couple of development web servers.

We currently have 6 separate internal VNC servers which allow developers and system admins to access their machines from home.

Andrew GRAY
System Administrator / Senior Technician
VQA Australasia

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Henning, Brian
Sent: Thu, 21 Mar 2002 04:52
To: [EMAIL PROTECTED]
Subject: [Leaf-user] vnc

Hello-

I am using LEAF with the echowall firewall package on a pentium 1. This router/firewall serves my two windows machines. I set up echowall to access a vnc server on one of my local machines but I am not sure how to set up the router/firewall to allow vnc to be accessible on multiple local machines. I am pretty sure I have to have separate ports for each, but I am not sure how I go about the setup. Can anyone give me a hand?

Thanks!
Brian

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
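The "walk list" the reply asks about, as an added example that is not part of the original thread or of the LEAF scripts: a shell function that walks the numbered `INTERN_VNC_SERVERn` / `EXTERN_VNC_PORTn` entries and prints one `portfw` rule per server, refusing to print anything if an entry is malformed or two servers share an external port. The function name, the `203.0.113.10` external address and the second and third server entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: one loop over numbered network.conf entries instead of a
# hand-copied block per server. Sample values below are constructed.
IPMASQADM=${IPMASQADM:-ipmasqadm}
EXTERN_IP=${EXTERN_IP:-203.0.113.10}        # constructed documentation address

INTERN_VNC_SERVER0=192.168.2.30; EXTERN_VNC_PORT0=59613
INTERN_VNC_SERVER1=192.168.2.31; EXTERN_VNC_PORT1=59614
INTERN_VNC_SERVER2=192.168.2.32             # no port set: falls back to 5900

# Prints the rules on stdout, all or nothing. The walk stops at the first
# unset INTERN_VNC_SERVERn. Returns 1 on a malformed entry or a reused port.
vnc_portfw_rules() {
    n=0
    seen=" "
    rules=""
    while eval "server=\${INTERN_VNC_SERVER$n:-}" && [ -n "$server" ]; do
        eval "port=\${EXTERN_VNC_PORT$n:-5900}"
        case $server in
            *[!0-9.]*) echo "INTERN_VNC_SERVER$n: bad address '$server'" >&2; return 1 ;;
        esac
        case $port in
            *[!0-9]*) echo "EXTERN_VNC_PORT$n: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "EXTERN_VNC_PORT$n: $port out of range" >&2; return 1
        fi
        case $seen in
            *" $port "*) echo "EXTERN_VNC_PORT$n: $port already forwarded" >&2; return 1 ;;
        esac
        seen="$seen$port "
        # 5900 is given numerically, so no vnc entry in /etc/services is needed
        rules="$rules$IPMASQADM portfw -a -P tcp -L $EXTERN_IP $port -R $server 5900
"
        n=$((n + 1))
    done
    printf '%s' "$rules"
}

vnc_portfw_rules    # dry run: prints the rules for review, executes nothing
```

Because values are checked before any rule is printed, the output can be reviewed and then executed line by line from ipfilters.conf.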