Depends from where you are accessing it and where vncserver is running.
If vncserver is running on the firewall
ACCEPT net fw tcp 5900:5910 # access from internet
ACCEPT loc fw tcp 5900:5910 # access from local network
If vncserver is running behind the firewall, you will need a proxy or
read what follows.
If using java viewer, open 5800:5810 (if I remember correctly).
Note that accessing your firewall this way is not secure as VNC traffic
is not encrypted and VNC authentication is pretty weak.
A much better approach is using ssh for accessing your firewall and
redirecting the VNC traffic over your ssh tunnel
from a machine (remote) on the internet, type the following: assuming
vncserver was started on :1
ssh -L 5901:localhost:5901 <firewall_running_vncserver_ip>
Then in an another xterm, on the machine (remote) type
vncviewer localhost:1 (note that you might want to try different
compression algorithm because vncviewer will think your vncserver is
local. See vncviewer man page)
WHat you are doing here is start a ssh session while redirecting all tcp
traffic from the host 5901 port to your local port 5901. Then call
vncviewer looking at your own 5901 port.
The advantage of such solution is now you can also access machine
running vncserver behind your firewall without using a proxy
ssh -L 5901:<machine behind firewall ip>:5901 <firewall ip>
Hope that helps
Pascal
On Wed, 2003-01-29 at 17:10, Shaun Marolf wrote:> I finally figured out Shorewall and have configured my Internet Sharing and
> have configured my Samba access, webmin access and SSH access. How do I
> configure access for VNC and to allow the local host to access the Internet
> as well (I need this to get updates and software packages.)
>
> Thanks,
> Shaun Marolf
>
> Mandrake 9.0
>
> ______________________________________________________________________
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.shorewall.net
> http://lists.shorewall.net/mailman/listinfo/shorewall-users