Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
allows me to directly access 51.121.44.25 masqueraded from my Mac at 191.162.209.20, but I don't know how I can forward incoming Xwin ports so that the Xwin connection from 51.121.44.25 to 191.162.209.20 becomes possible.
to forward all Xwin ports from the remote network to my Mac, but still a connection is not possible :-(
I guess I missed a couple of ports, but I don't know which. Also I don't know how to get appropriate debug messages to find the correct way myself :-((
Is anyone out there willing to point me into the right direction?
Sorry for the delay in replying but your post looked a bit too confusing, but I think I see the problem now
Why do you do NAT for the 51.121.0.0 network ?
It's a real addresses in your routing table so the packets should be forwarded like a router would.
you should be able to ping it from your mac without nat, also the ports don't need to be DNAT back, just allow your firewall to accept input from the 51.121.0.0/16 subnet with port ranges from 6000 to 6300 and all outputs from port 1023:65535 to 1023:65535
Well, the linux box only has one remote IP (51.121.98.254), since this is a single PPP dial-in connection only into the 51.121.0.0 net.
I cannot change Routing for "external IPs" in the 51.121.0.0 net (like for my Mac 191.162.209.20), therefore I must use my internal ip 51.121.98.254 to connect back to my systems from 51.121.44.25 ...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.