LinuxQuestions.org
Old 06-01-2007, 09:16 AM   #1
Appiah
LQ Newbie
 
Registered: Oct 2006
Posts: 2

Rep: Reputation: 0
Allow services only from the "inside"


Hey there,

On iptables I only allow SSH and HTTP access for everyone and I would like to start using vncserver, well I already am... It's just that I don't want that port to be open to the public, and since I usually tunnel my VNC sessions with SSH to get encryption, I was wondering if there was a way for me to just remove the allow from iptables, start an SSH session with some tunneling and still be able to access the VNC session?

Some way to make me appear to be inside (?!)

I tried the "Local ports accepts connection from host" and "Remote Ports do the same" options, and now when I try to connect with localhost:#### (vncports) VNC I don't get connection refused or timed out, but the password box never shows up?!

Last edited by Appiah; 06-01-2007 at 09:22 AM.
 
Old 06-01-2007, 12:54 PM   #2
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
So, you forward with
ssh -L vncport:127.0.0.1:vncport
and try to connect (not inside ssh) to 127.0.0.1:vncport ?
Also you can try 'ssh -X' and connect to 127.0.0.1:vncport inside ssh..
 
Old 06-06-2007, 12:46 PM   #3
Appiah
LQ Newbie
 
Registered: Oct 2006
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by raskin
So, you forward with
ssh -L vncport:127.0.0.1:vncport
and try to connect (not inside ssh) to 127.0.0.1:vncport ?
I can connect like this but then I still need iptables allowing 5901 from the outside; if I remove the allow it will connect but I don't get to log in and nothing happens...(?!)


Quote:
Originally Posted by raskin
Also you can try 'ssh -X' and connect to 127.0.0.1:vncport inside ssh..
Not an option since I will be on Windows XP/Vista without X servers (Cygwin and such)
 
Old 06-06-2007, 01:01 PM   #4
raskin
Senior Member
 
Registered: Sep 2005
Location: Russia
Distribution: NixOS (http://nixos.org)
Posts: 1,893

Rep: Reputation: 68
Does VNC still work from localhost when you forbid it from outside? Also try some sniffer (Wireshark is very good) to see exactly what packets are coming. Use the 'any' interface to see both Ethernet and loopback traffic. Does the first packet go through ssh? Does sshd send a packet to the VNC server? What interface does it use?
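
A check related to the interface question above, as an added example that is not part of any post in the thread: with `ssh -L ...:127.0.0.1:...`, sshd opens the forwarded connection to 127.0.0.1 on the server, so it arrives on the loopback interface and the INPUT chain has to accept it there. The script audits `iptables-save` text for that; the function names and both sample rulesets are constructed, and only port 5901 comes from the thread.

```shell
# Added example. Port 5901 is from the thread; the rulesets are constructed.
# Models only -i, -p, --dport and -j in the INPUT chain; rules carrying any
# other match (state, source address, ...) are skipped.
# audit_rules PORT < iptables-save text prints:
#   loopback=ok|blocked  can sshd reach 127.0.0.1:PORT over lo?
#   port=closed|exposed  is PORT reachable on a non-loopback interface?
audit_rules() {
    awk -v port="$1" '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
        iface = proto = dport = target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if      ($i == "-i")      iface  = $(++i)
            else if ($i == "-p")      proto  = $(++i)
            else if ($i == "--dport") dport  = $(++i)
            else if ($i == "-j")      target = $(++i)
            else if ($i == "-m")      i++          # skip match-module name
            else                      other = 1    # unmodelled match
        }
        if (other || (proto != "" && proto != "tcp")) next
        if (dport != "" && dport != port) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        v = (target == "ACCEPT") ? "a" : "d"       # first matching rule wins
        if (lo  == "" && (iface == "" || iface == "lo")) lo  = v
        if (ext == "" && iface != "lo")                  ext = v
    }
    END {
        def = (policy == "DROP") ? "d" : "a"       # chain policy is the fallback
        print "loopback=" ((lo  == "" ? def : lo)  == "a" ? "ok" : "blocked")
        print "port="     ((ext == "" ? def : ext) == "a" ? "exposed" : "closed")
    }'
}

# Constructed: SSH and HTTP open, default DROP, no rule for the lo interface.
no_loopback_rules() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# Same ruleset with loopback accepted first; 5901 stays closed from outside.
with_loopback_rules() {
    no_loopback_rules | awk '{ print } /^:INPUT/ { print "-A INPUT -i lo -j ACCEPT" }'
}
for f in no_loopback_rules with_loopback_rules; do
    echo "$f: $($f | audit_rules 5901 | tr '\n' ' ')"
done
```

On a real server the input would be `iptables-save | audit_rules 5901`, run as root.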
 
  

