I'm trying a new program called realVNC. It's a server program that runs on a win box. It listens on port 5900. The thing is that I use a client to connect to it from linux. With shorewall running I can't access it. This is local. I could understand if it was from the internet. The port that it's coming in from the win box to linux is 33060.

Any reasons why this shouldn't work?

I'm running mandrake 9.0. I have been told that mandrake has messed things up. Can anyone tell me how and where? I have read almost the whole site of shorewall. To still have problems. Is there any better firewall software out there with some documentation that makes any sense?

Thanks

John
From my understanding, shorewall shouldn't be involved if this is on the LAN? Are you going from the DMZ to the LAN, and that is being blocked? If so, check your "shorewall show log" and see what's being rejected or dropped when attempting to connect to the VNC server. You might need to open up port 5800 or 5801. When installed on a windows machine, it's listening on port 5801 by default. At least it is on the PCs I've installed it on.

I'm not familiar with Mandrake. So you might want to check shorewall's website to see if there's any specific instructions for installing it on mandrake. If it came pre-installed, I would uninstall it and follow the directions on the shorewall website on doing a fresh install and configuring using one of the provided config files that are available for download on the shorewall site.

Far as I know, Shorewall is the best firewall package for its price and support. And I'm not sure what you meant about the website. The only thing I found confusing was the use of "snat" for both source NAT and Static Nat. Otherwise it seems to cover all the functions of shorewall very thoroughly and clearly. Clearly enough for me to understand and implement my first firewall with minimal support needed.

Jayson

----- Original Message -----
From: "John L. Goodale" <jgoodale@satx.rr.com>
To: <shorewall-users@lists.shorewall.net>
Sent: Thursday, February 13, 2003 12:02 PM
Subject: [Shorewall-users] Local
John L. Goodale wrote:
> I'm trying a new program called realVNC. It's a server program that
> runs on a win box. It listens on port 5900. The thing is that I use a
> client to connect to it from linux. With shorewall running I can't
> access it. This is local. I could understand if it was from the
> internet. The port that it's coming in from the win box to linux is
> 33060.
>
> Any reasons why this shouldn't work?
>
> I'm running mandrake 9.0. I have been told that mandrake has messed
> things up. Can anyone tell me how and where?
> I have read almost the whole site of shorewall. To still have problems. Is
> there any better firewall software out there with
> some documentation that makes any sense?
>

If that's your way of asking for free support for a free product, you need to work on your approach. Nevertheless:

a) I understand that you are trying to connect from your firewall to a local system.

b) The default policy for such connections is reject (see /etc/shorewall/policy).

c) Mandrake further confuses things by having two zones corresponding to the local network. More confusing, the one that is called 'masq' is the one that you want to use. The one called 'loc' (which corresponds to the name that all of the Shorewall documentation uses) is empty!!!

d) Our usual recommendation for Mandrake users is to:

   1. Uninstall the Mandrake Shorewall RPM
   2. Download and install the current Shorewall RPM from our web site.
   3. Follow the instructions in /etc/shorewall/two-interface.htm.

e) Regardless, you can either open the port(s) you need from fw->masq using the /etc/shorewall/rules file; OR you can add an ACCEPT policy from fw->masq in the /etc/shorewall/policy file.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
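The two options in (e), written out as configuration. This is an added example, not part of Tom's message. It assumes the Mandrake zone names fw and masq from the reply above and TCP port 5900 from John's description; only one of the two entries is needed.

```conf
# Option 1: /etc/shorewall/rules
# Allows only VNC (TCP 5900) from the firewall to the local zone.
# Every other fw->masq connection still falls under the reject policy from (b).
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    fw       masq   tcp     5900

# Option 2: /etc/shorewall/policy
# Allows every connection from the firewall to the local zone.
# Policies are matched top-down, so this line has to sit above any
# catch-all entry such as "all all REJECT".
#SOURCE   DEST     POLICY   LOG LEVEL
fw        masq     ACCEPT
```

After editing either file, "shorewall restart" loads the change, and "shorewall show log" shows whether the connection is still being rejected.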
Tom Eastep wrote:
> 3. Follow the instructions in /etc/shorewall/two-interface.htm.

Doh -- make that http://www.shorewall.net/two-interface.htm

-Tom
Jayson wrote:
> The only thing I
> found confusing was the use of "snat" for both source NAT and Static Nat.

Jayson,

Can you point me to the places that you find confusing regarding SNAT? I have NEVER intentionally used the term SNAT to refer to Static NAT so if there are places where that is occurring then they are bugs in the docs that need correcting.

-Tom