Koozali.org: home of the SME Server

IPchains & VNC

Neal Rowan

IPchains & VNC
« on: March 19, 2003, 01:54:13 AM »
I am running SME 5.5 its been a fresh install about 2 weeks ago.

The SME machine is connected to router which controllers internet access, all the clients in turn are connected to the SME machine the router as been pinholed to allow VNC connections on port 5900 and 5901.  

I want to be able to vnc into 5900 and it will connect to the VNC server, and if i vnc to 5901 it will connect to one of the client behind the SME server, i am having problems trying to get this going.

This was working with the previous install of RedHat 7.2

This is the only entry i have in my ipchains rules to goes with vnc at the port is
11   ACCEPT     tcp  ------  anywhere             192.168.1.1           any ->   5900
12   ACCEPT     tcp  ------  anywhere             192.168.1.1           any ->   5901

5900 go to server ip
5901 should be going to client address thru eth1 on the 10.* network

Bill Talcott

Re: IPchains & VNC
« Reply #1 on: March 19, 2003, 05:11:38 PM »
If you have the SME behind a router with a private IP, and another LAN behind the SME with a different range of private IPs, you need to forward both ports from the router to the SME. Then on the SME, open port 5900 (to allow access, closed by default) and forward port 5901 to the client PC.

The router will send anything on 5900 or 5901 to the SME. The SME will accept 5900 and forward 5901 to the PC.

Neal Rowan

Re: IPchains & VNC
« Reply #2 on: March 21, 2003, 01:06:17 AM »
I have pinholed thethe router to send packets to the SME server 192.168.1.1 on port 5900 and 5901.

and by using the port open in service manager i have opened these two ports
and by using the port forward in service manager i have forwarded 5901 to 10.0.0.107 (SME server) and 10.0.0.2 (client inside network)

Problem is vnc is still telling me that there it can't create a connection

steve

Re: IPchains & VNC
« Reply #3 on: March 22, 2003, 01:38:45 AM »
did you install the vnc server on your SME server?
you will need to install that before you can VNC to it
why not just use ssh?
if you are trying to do this from outside of your lan, you should pptp into the SME server and then vnc inside to the client
vnc does not encrypt any of your traffic and should not be used over the Internet without being tunnelled through a vpn or ssh tunnel

hth

steve

Dan Brown

Re: IPchains & VNC
« Reply #4 on: March 22, 2003, 01:46:37 AM »
You won't be able to use VNC to control the server, as the server doesn't have a GUI.  You'll need to, as Steve suggested, use SSH.  And once you have an SSH connection, it's trivial to create a tunnel that'll let you use VNC through to your client machine.