Re: VNC and PF+NAT
From: Per-Olov Sjöholm (pos incedo.org)
Date: Mon Feb 07 2005 - 06:06:13 CST
On Monday 07 February 2005 11.42, John Wall wrote:
> Hi all,
>
> I have tried to get VNC through NAT working all weekend now with no
> success. Maybe you guys got the answer.
>
> Here is my vnc rules:
>
> $iftru # Trusted if (em0)
> $ifext # External if (fxp0)
> $vnc # 192.168.2.140 port 5901
>
> rdr on $ifext proto {udp,tcp} from any to $ifext \
> ~ port 5901 -> $vnc port 5901
>
> pass log inet proto tcp from any to $vnc port 5901 flags S/SA keep state
>
> The log:
>
> pass in on fxp0: 62.13.20.7.40190 > 192.168.2.140.5901
> pass out on em0: 62.13.20.7.40190 > 192.168.2.140.5901
>
> I run sniffit on $vnc and no connections are made to $vnc why?
>
> I'm trying to connect from outside not from the internal-lan.
>
> What am I doing wrong? Does rdr not work to the internal LAN?
>
> I really need help with this one please!
How about....
INTERNET_INT="em1"
LAN_INT="em0"
ALL_INTERFACES="{" $LAN_INT $INTERNET_INT "}"
VNC_CLIENTS="{ 200.200.200.200 201.201.201.201 }"
PC_TARGET1="192.168.1.2"
nat on $INTERNET_INT from $LAN_INT:network to any -> $INTERNET_INT
rdr on $INTERNET_INT proto tcp from any to $INTERNET_INT port 5901 -> \
    $PC_TARGET1 port 5901
pass out on $ALL_INTERFACES inet proto {tcp udp icmp} all keep state
pass in log quick on $INTERNET_INT inet proto tcp from $VNC_CLIENTS to \
    $PC_TARGET1 port { 5901 } flags S/SA keep state
/Per-Olov
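
Added example, not part of the original thread or either poster's code: a small audit of pf log lines in the shape quoted in the question, listing VNC connections that were passed in on the external interface from a source outside the VNC_CLIENTS allowlist used in the reply. The function names and all sample lines after the first two are constructed for illustration; note that the logged destination is already the internal (post-rdr) address, as the question's log shows.

```python
import ipaddress
import re

# Matches the log line shape quoted in the question; search() tolerates a
# timestamp or rule-number prefix in front of the action.
LINE = re.compile(
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+)"
)

def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def unexpected_passes(lines, ext_if, target, port, allowed):
    """Records passed in on ext_if to target:port from sources not in allowed."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    hits = []
    for line in lines:
        rec = parse(line)
        if not rec or rec["action"] != "pass" or rec["dir"] != "in":
            continue
        if (rec["ifname"], rec["dst"], rec["dport"]) != (ext_if, target, port):
            continue
        src = ipaddress.ip_address(rec["src"])
        if not any(src in n for n in nets):
            hits.append(rec)
    return hits

# First two lines are the log from the question; the rest are constructed.
SAMPLE = [
    "pass in on fxp0: 62.13.20.7.40190 > 192.168.2.140.5901",
    "pass out on em0: 62.13.20.7.40190 > 192.168.2.140.5901",
    "pass in on fxp0: 200.200.200.200.51022 > 192.168.2.140.5901",
    "block in on fxp0: 203.0.113.9.33000 > 192.168.2.140.5901",
    "pass in on fxp0: 201.201.201.201.40001 > 192.168.2.140.22",
]
ALLOWED = ["200.200.200.200", "201.201.201.201"]  # VNC_CLIENTS from the reply

if __name__ == "__main__":
    for r in unexpected_passes(SAMPLE, "fxp0", "192.168.2.140", 5901, ALLOWED):
        print(f"unexpected VNC pass: {r['src']}:{r['sport']} via {r['ifname']}")
```

With the question's "from any" pass rule the first sample line is reported; with the reply's rule restricted to $VNC_CLIENTS such a line should no longer appear in the log.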