vnc port though firewall Re: VNC: vncviewer no route to host on same lan

Alexander Dalloz ad+lists at uni-x.org
Mon Mar 28 12:10:54 UTC 2005


On Mon, 28.03.2005, Neil Dugan wrote at 3:15:

> > Thanks - that was it. I added:
> > 
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
> > 
> > to /etc/sysconfig/iptables and the Sun is shining once again.
> > 
> I am doing the same thing but I used a different command to open the
> port through the firewall.
> -A RH-Firewall-1-INPUT -p tcp --dport 5901 -j ACCEPT
> 
> As this is different from above could there be any problem using this?
> 
> Regards Neil

The difference between yours and Richard's iptables rule is that he
uses the "state" of the connection to decide about the acceptance. You
omit that part. As the default iptables rules of the Fedora Core
firewall setup have a rule which allows all incoming connections in
state ESTABLISHED and RELATED, the "--state NEW" command is not really
necessary, although it can make the structure of the iptables rules
more clear.

If still in doubt Neil, feel free to ask again, as understanding the
rules you use is elementary for securing your system's services.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.770_FC2smp 
Serendipity 14:05:49 up 11 days, 11:02, load average: 0.53, 0.56, 0.49 
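
Added example, not part of the original message: a small Python model of
first-match rule evaluation that compares the two rules from the thread
for packets in different conntrack states. The chain layout (an
ESTABLISHED,RELATED accept first, a catch-all REJECT last) and the sample
packets are simplifying assumptions.

```python
# Simplified first-match model of the RH-Firewall-1-INPUT chain (constructed,
# not a real netfilter implementation). A rule is (states, dport, verdict);
# None means "match anything" for that field.
ESTABLISHED_RULE = ({"ESTABLISHED", "RELATED"}, None, "ACCEPT")
FINAL_REJECT = (None, None, "REJECT")  # assumed catch-all at end of chain

# The two rules from the thread.
WITH_STATE = ({"NEW"}, 5901, "ACCEPT")   # -m state --state NEW ... --dport 5901
WITHOUT_STATE = (None, 5901, "ACCEPT")   # -p tcp --dport 5901


def verdict(chain, state, dport):
    """Return the verdict of the first rule matching (state, dport)."""
    for states, port, target in chain:
        if (states is None or state in states) and (port is None or port == dport):
            return target
    return "DROP"  # not reached here: FINAL_REJECT matches everything


def compare(packets):
    """Map each packet to (verdict with state match, verdict without)."""
    chain_a = [ESTABLISHED_RULE, WITH_STATE, FINAL_REJECT]
    chain_b = [ESTABLISHED_RULE, WITHOUT_STATE, FINAL_REJECT]
    return {p: (verdict(chain_a, *p), verdict(chain_b, *p)) for p in packets}


# Constructed sample packets: (conntrack state, TCP destination port).
PACKETS = [
    ("NEW", 5901),          # first SYN of a VNC session
    ("ESTABLISHED", 5901),  # later packets of that session
    ("INVALID", 5901),      # e.g. stray ACK with no tracked connection
    ("NEW", 5902),          # a port neither rule opens
]

if __name__ == "__main__":
    for pkt, (a, b) in compare(PACKETS).items():
        flag = "" if a == b else "   <-- rules differ"
        print(f"{pkt[0]:<12} dport={pkt[1]}  with-state={a:<7} without={b}{flag}")
```

In this model the two rule sets give the same verdict for NEW and
ESTABLISHED traffic to port 5901 and differ only for a packet that
conntrack classifies as INVALID, which the rule without the state match
accepts.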