From: Bosse Klykken <bosse+netfilter@klykken.com>
To: netfilter@lists.netfilter.org
Subject: Re: iptables help
Date: Thu, 4 Nov 2004 23:39:07 +0100
Message-ID: <20041104223907.GA25863@klykken.com>
In-Reply-To: <s18a0743.032@dsi.a-star.edu.sg>
On Thu, Nov 04, 2004 at 10:40:51AM +0800, Wei Ming Long wrote:
> VNC Server 192.168.1.4
> |
> | --------> ssh tunnel on port 5800
> |
> eth1= 192.168.1.2
> |
> Linux Gateway
> |
> eth0=192.168.33.167
> |
> |
> WindowsXP 192.168.33.164
>
>
> Requirement: To be able to access the VNC Server behind the Linux gateway
> using the web browser on port 5800 tunneled through ssh.
If the 192.168.33.0/24 network has a valid route for the 192.168.1.0/24
network through the Linux gateway, then you could SSH directly to the
VNC server without NAT. On the Windows XP machine you can use plink or
PuTTY to make the port mappings, and point the XP web browser to
localhost.

Be advised that VNC port 5800 has Java stuff only, while I believe that
VNC traffic still will transmit on port 5900, so you might need to
create an additional SSH tunnel, if you can't use a vncviewer on the XP
machine and do with an SSH port link on port 5900.
> I created a ssh tunnel between the VNC Server(192.168.1.4) & the Linux
> Gateway(192.168.1.2) for port 5800
OK, you can do this if the networks are not routable with each other.
For troubleshooting I would get a vncviewer on the XP box, instead of
fiddling around with the Java stuff. When you can get an ordinary
connection with a vncviewer on port 5900, you can try creating another
SSH tunnel for port 5800, and see if you can access the Java client.
On the Linux box, you can run this:
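# -L listens on loopback only by default; bind to the eth0 address so the XP host can connect
ssh -N -L 192.168.33.167:5800:localhost:5800 192.168.1.4
ssh -N -L 192.168.33.167:5900:localhost:5900 192.168.1.4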
And then go to http://192.168.33.167:5800 from your XP web browser.
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to
> 192.168.1.2:5800
I don't really see the need for NAT here.
.../Bosse
--
Bosse Klykken - http://www.klykken.com/~bosse
Keep staring. I might do a trick.
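
Added example, not part of the original message: `ssh -L` binds its listening port to the loopback address unless a bind address or `-g` is given, so after starting the forwards it is worth checking where ports 5800 and 5900 actually listen on the gateway. The function names and the sample `ss -ltn` output below are constructed for illustration.

```shell
#!/bin/sh
# classify_vnc_listeners EXPECTED_ADDR
# Reads `ss -ltn` output on stdin and prints one line per listener on the
# tunnel ports from this thread (5800, 5900): "<port> <scope> <address>".
#   loopback-only  : only reachable from the gateway itself
#   expected       : bound to the address the client is told to use
#   all-interfaces : reachable from every network the gateway is attached to
classify_vnc_listeners() {
    awk -v expected="$1" '
        $1 == "LISTEN" {
            # Local Address:Port is field 4; the port follows the last colon,
            # which also handles bracketed IPv6 addresses such as [::1]:5800.
            n = split($4, part, ":")
            port = part[n]
            if (port != "5800" && port != "5900") next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]")
                scope = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                scope = "all-interfaces"
            else if (addr == expected)
                scope = "expected"
            else
                scope = "other"
            print port, scope, addr
        }'
}

# Constructed sample: 5800 forwarded with the default bind (loopback),
# 5900 forwarded with an explicit bind address on eth0.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128          127.0.0.1:5800         0.0.0.0:*
LISTEN  0       128              [::1]:5800            [::]:*
LISTEN  0       128     192.168.33.167:5900         0.0.0.0:*
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
EOF
}

sample_ss_output | classify_vnc_listeners 192.168.33.167
```

On the gateway itself, pipe the live output instead: `ss -ltn | classify_vnc_listeners 192.168.33.167`. A port reported as `all-interfaces` is also open on eth1, which is wider than this setup needs.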