From: Calvin Lane
To: Karan Gupta
Cc: freebss-isp@freebsd.org, freebsd-questions@freebsd.org
Date: Mon, 9 May 2005 19:33:21 -0400
Subject: Re: RealVNC

Hello Karan,

I have RealVNC going through a number of BSD firewalls/gateways. Most of my
BSD boxes are 4.9 or 4.10. I'm using ipfilter as my firewall. Here is what I
do:

in ipnat.rules

rdr xl0 xxx.xxx.xxx.xxx/32 port 5800 -> 192.168.0.12 port 5800
rdr xl0 xxx.xxx.xxx.xxx/32 port 5900 -> 192.168.0.12 port 5900

in ipf.rules

pass in quick on xl0 proto tcp from any to any port = 5800 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 5900 flags S keep state keep frags

These are the only lines that I use to connect to internal machines on VNC
through my firewall. Let me know how this works for you.

Calvin Lane
calvin.lane@gmail.com

On 5/9/05, Karan Gupta wrote:
>
> Need help... have gone through Google/docs but am still confused.
> I'm running,
>
> FreeBSD aaa.bbb.com 4.9-RELEASE FreeBSD 4.9-RELEASE#4:
> aaa.bbb.com:/usr/src/sys/compile/GENERIC i386
>
> It's acting as a router running NAT, IPFW and DHCP
>
> INTERNET<------>fBSD<------>x.x.x.x (Win2k machine running RealVNC server
> on the local network, it has a static IP)
>
> a.a.a.a: is the ext_ip_fbsd
> x.x.x.1: is the int_ip_fsd
> x.x.x.x: Win2k on the local network running RealVNC server
>
> I want to connect to the Win2k machine from the internet.
> I have natd.conf with
> same_port yes
> redirect_port tcp x.x.x.x:5800-5900 a.a.a.a:5800-5900
> redirect_port udp x.x.x.x:5800-5900 a.a.a.a:5800-5900
>
> ###ipfw with#####
> ipfw -f flush
> ##### rl0 is the ext interface #####
> /sbin/natd -interface rl0 -s
> ipfw add 999 divert natd all from any to any via rl0
>
> I can get on the internet just fine, can ssh to the fBSD from the outside
> as well.
> Here's the nmap output,
> Port State Service
> 21/tcp open ftp
> 22/tcp open ssh
> 25/tcp open smtp
> 80/tcp open http
> 443/tcp open https
> 587/tcp open submission
>
> I guess I need to open the ports on the firewall... nothing that I tried
> worked.
>
> Any suggestions?
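
The ipf.rules lines in the reply accept connections to the VNC ports from any source address. As an added example (not part of the original thread), this shell function reads ipf.rules syntax and separates VNC pass rules open to any source from ones limited to a named address. The function names, the sample rules, and the 203.0.113.10 admin address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads ipf.rules syntax on stdin and reports every "pass in" rule whose
# destination port is a VNC port (5800 HTTP viewer, 5900 RFB).
#   OPEN   <port> <iface>   source is "any" (reachable from every address)
#   SCOPED <port> <source>  source is limited to an address or network
audit_vnc_rules() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    $1 == "pass" && $2 == "in" {
        iface = "-"; src = ""; port = ""; seen_to = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "on")   iface = $(i + 1)
            if ($i == "from") src = $(i + 1)
            if ($i == "to")   seen_to = 1
            # only the port that follows "to" is the destination port
            if (seen_to && $i == "port" && $(i + 1) == "=") port = $(i + 2)
        }
        if (port == "5800" || port == "5900") {
            if (src == "any") print "OPEN", port, iface
            else              print "SCOPED", port, src
        }
    }'
}

# Constructed sample: the two rules from the reply, the 5900 rule limited to
# one admin host (203.0.113.10 is a documentation address), and an SSH rule.
sample_rules() {
    cat <<'EOF'
# ipf.rules
pass in quick on xl0 proto tcp from any to any port = 5800 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 5900 flags S keep state keep frags
pass in quick on xl0 proto tcp from 203.0.113.10/32 to 192.168.0.12/32 port = 5900 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to any port = 22 flags S keep state
EOF
}

sample_rules | audit_vnc_rules
```

To audit a live rule set, feed the file in directly: `audit_vnc_rules < /etc/ipf.rules`.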