Hi,

I've decided to allow access to just one box in my LAN (and only by request), so I added this rule to my firewall:

ACCEPT wan lan:my.local.ip:5900 tcp 5900 all

And it worked very well. I couldn't use DNAT because the box that generates the connection has a dynamic IP.

Thanks all,

Hernan

--- Patrick Usher <[EMAIL PROTECTED]> wrote:

> Hi Hernan,
> The DNAT rule would look like:
> DNAT wan:w.x.y.z lan tcp 1024:65535 - (where w.x.y.z is the IP of the
> outside box). That way you can open up ports but only to your IP. Is the
> outside box initiating the connection? You also may want to try changing the
> ports on your wan to lan accept rule to all high ports before creating a
> DNAT rule to see if that does it. If the connection is always coming in on
> 2216 or 2664 you could create one rule for each port and only have the two
> open.
>
> Best regards,
> Patrick
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Hernan Castaneda
> Sent: Wednesday, August 18, 2004 1:07 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [2][Security Firewall] Problem witn VNC
>
> Hi Patrick,
>
> The connection isn't using any UDP packet, the rejects
> in the log are tcp packets coming from remote ports
> 2216 or 2664 to my firewall port 5900.
>
> The connection will be "one-2-many"
>
> I'm not familiar with DNAT. What do I have to do?
>
> Best Regards,
>
> Hernan
>
> --- Patrick Usher <[EMAIL PROTECTED]> wrote:
>
> > Hi Hernan,
> > Is the VNC service using any UDP packets? Do you show any rejects in the
> > log? You may want to try a DNAT rule in place of the ACCEPT. Are you
> > connecting from the outside box to just one of the inside boxes or will the
> > connection need to involve more than one inside machine ("one to one" or
> > "one to many")?
> >
> > Best regards,
> > Patrick
>
> =====
> "Stay Free, find your own path, live with greatness
> and pride. Just stay beside the things that are
> really eternal; otherwise keep flying..."
>
> MORION ARBENET LUOSKRAD
