[GLLUG] Port forwarding

Marshal Newrock marshal at simons-rock.edu
Fri Sep 5 15:02:53 EDT 2003


On Fri, 5 Sep 2003, troettger at comcast.net wrote:

> Is there a way I can forward port 5900 on my eth0 interface to port 21 or 81 on
> the same interface?  I haven't played around with iproutes a whole lot but I am
> trying to get tightvnc to work through my firewall on my corporate LAN at work.
> I have a server running apache and tightvnc server, amongst other things, and
> have set up a webpage that will load tightvnc java onto the client machine
> visiting the page and then let them use tight vnc through the browser to my kde
> desktop.  Problem is my corporate lan blocks all ports but 443, 21, 23, 80, and
> 81.
>
> If anyone may have an alternate way of doing this I would appreciate a quick
> rundown.   My work pc is a WinXP machine.

I haven't done it myself, but I believe it would be as follows:

    iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -d [your.ip] \
        --destination-port 81 -j REDIRECT --to-ports 5900

explanations:
You must have all appropriate iptables support compiled, including nat
support and REDIRECT target support.  Anything being sent to port 81
on your machine gets sent to port 5900 on your machine.  If your machine
is a gateway, then omitting the -d will mean that every connection to port
81 is redirected to 5900 on your machine.

You can also look at the DNAT target, but I think REDIRECT is correct.

It also occurs to me that the simplest thing to do would be to change the
port that tightvnc listens on.

-- 
Marshal Newrock, unemployed Linux user in Lansing, MI
Caution: Product will be hot after heating
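
An added example, not part of the original post: a shell wrapper that builds the REDIRECT rule from the reply, refuses to drop the -d match (the gateway case described above), and adds the rule only if it is not already present. The function names, the DRY_RUN switch and the address 192.0.2.10 (a documentation address) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example; redirect_rule_args, apply_redirect, show_redirects and
# DRY_RUN are hypothetical names, 192.0.2.10 is a constructed sample address.

# Return 0 if $1 is a valid TCP port number (1-65535).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule specification (everything after -A/-C PREROUTING).
# Args: interface, destination IP, port clients connect to, port the service listens on.
redirect_rule_args() {
    local iface="$1" dst="$2" from="$3" to="$4"
    valid_port "$from" && valid_port "$to" || { echo "invalid port" >&2; return 1; }
    # Without -d, a gateway would also redirect connections meant for other hosts.
    [ -n "$dst" ] || { echo "destination IP required (-d)" >&2; return 1; }
    echo "-i $iface -p tcp -m tcp -d $dst --destination-port $from -j REDIRECT --to-ports $to"
}

# Add the rule only if an identical one is not already in the chain
# (-C checks for the rule, -A appends it). Needs root unless DRY_RUN=1,
# in which case the commands are printed instead of executed.
apply_redirect() {
    local spec
    spec=$(redirect_rule_args "$@") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables -t nat -C PREROUTING $spec || iptables -t nat -A PREROUTING $spec"
        return 0
    fi
    # Word splitting of $spec is intended: it holds separate iptables arguments.
    iptables -t nat -C PREROUTING $spec 2>/dev/null || iptables -t nat -A PREROUTING $spec
}

# List the nat PREROUTING chain with packet counters to confirm the rule is hit.
show_redirects() {
    iptables -t nat -L PREROUTING -n -v --line-numbers
}

# Dry run: print what would be executed for port 81 -> 5900 on eth0.
DRY_RUN=1 apply_redirect eth0 192.0.2.10 81 5900
```
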


