Quote:
--------------------[Internet]
-----------------------/
----------------------/(eth0)
---------------------/
---------------[Router] (Slackware 8.0)
------------------/
-----------------/(eth1)
----------------/
-------------[Hub (10Mbit)]
-------------/--------------\
---[Computer 1]-------------[Computer 2]
--- WinXp (Standard)-------WinME
--- Linux Red Hat 7.2-------(192.168.0.22)
----(192.168.0.2)--------------(VNC client)
----(VNC Server and DC)
Just some questions/proposals:
- how do you connect to the internet? (dialup, xdsl, cable,...)
- post here the
#ifconfig output while you are connected to the internet (for more privacy just x.x.x.x your internet address)
- are you sure that your router connects to the internet directly, without any firewall and/or SNAT (masquerade) that prevents you from receiving direct connections? To verify this, just temporarily start a daemon such as telnet or sshd on your router and try to connect from the internet.
Other tests:
- just boot Computer 1 into Linux, start sshd (port 22 tcp/udp) or telnet (port 23 tcp/udp), start #tcpdump host 192.168.0.2 and port <22/23> | tee logfile.log
on router:
just to clean and open *all*:
#iptables -F
#iptables -t nat -F
#iptables -P INPUT ACCEPT
#iptables -P OUTPUT ACCEPT
#iptables -P FORWARD ACCEPT
#iptables -t nat -P PREROUTING ACCEPT
#iptables -t nat -P OUTPUT ACCEPT
#iptables -t nat -P POSTROUTING ACCEPT
to turn websurfing on:
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+ check websurfing here from Computer 2 to internet
start logging on server:
#tcpdump port <22/23> | tee logfile.log
to activate DNAT:
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport <22/23> -j DNAT --to 192.168.0.2
+ try to connect from internet to your router internet address with ssh client (port 22) and/or telnet client (port 23)
+ check Computer 1 for tcpdump output
+ check Router for tcpdump output
Report results here
Last notes:
- this is a very risky configuration because you are open to the world ... don't stay this way too long
- I ask you to try ssh or telnet in place of VNC because those services are simpler and there is no problem with packet size and fragments. For the simplest test, just use telnet.
- sorry for the long wait for a reply ... I just had to work
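
Added example, not part of the original post: a small check to run on the router once the test above is finished. It reads `iptables-save` output, flags filter chains still left at policy ACCEPT, and reports whether each DNAT forward is let through by the FORWARD chain. The names `audit_fw` and `sample_open` are hypothetical, the sample ruleset is constructed, and the input is assumed to include the filter table.

```sh
# audit_fw: read `iptables-save` text on stdin and print one finding per line.
# Simplification: only exact FORWARD accepts (-p, --dport, -d) are matched;
# state/conntrack and interface matches are ignored.
audit_fw() {
  awk '
    /^\*/ { table = substr($1, 2); next }                  # "*nat", "*filter"
    /^:/  { policy[table "/" substr($1, 2)] = $2; next }   # ":FORWARD DROP [0:0]"
    $1 == "-A" {
      proto = dport = dest = target = to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-d") dest = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination") to = $(i + 1)
      }
      sub(/\/32$/, "", dest); sub(/:.*/, "", to)           # drop mask / port suffix
      if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
        n++; fwd[n] = proto "/" dport; host[n] = to
      }
      if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT")
        allow[proto "/" dport "/" dest] = 1
    }
    END {
      if (policy["filter/INPUT"] == "ACCEPT") print "OPEN-POLICY filter/INPUT"
      if (policy["filter/FORWARD"] == "ACCEPT") print "OPEN-POLICY filter/FORWARD"
      for (k = 1; k <= n; k++) {
        key = fwd[k] "/" host[k]
        ok = (policy["filter/FORWARD"] == "ACCEPT" || (key in allow))
        print "DNAT " fwd[k] " -> " host[k] (ok ? " reachable" : " blocked")
      }
    }'
}
# Constructed sample: the wide-open test state from the post (not captured output).
sample_open() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.2
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
```

On the router, run `iptables-save | audit_fw` as root; any OPEN-POLICY line means the accept-everything state from the test is still in place, and a "blocked" forward points at the FORWARD chain rather than the DNAT rule.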