Hello,

I am a bit confoosed here. I want to forward a vnc connection using iptables. I know about ssh forwarding, but security is not as big a priority as speed and simplicity for the person on the client-end are in this case.

On my fw gateway, which does NAT with no problems, I ran:

    iptables -t nat -I PREROUTING -p tcp --dport 5801 -j DNAT --to-dest x.x.x.x

...where x.x.x.x is the IP of my internal vnc server.

Connecting to the vnc server (via tightvnc's java/web-browser interface) from within the local network works fine. But anyone who goes through the gateway gets an ICMP Destination Unreachable.

I set up some logging rules to check, and here's what I can say pretty positively:

The packets hit PREROUTING and FORWARD, but not INPUT or OUTPUT, as expected.
All chains on the gateway ACCEPT by default.
The firewall on the client and vnc server is down.

Here's an example log entry:

From PREROUTING IN=eth0 OUT= MAC=xxxxxxx SRC=vnc-client-ip DST=nat-gw-ip LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=31247 DF PROTO=TCP SPT=1612 DPT=5801 WINDOW=65535 RES=0x00 SYN URGP=0

From FORWARD IN=eth0 OUT=eth0 SRC=vnc-client-ip DST=vnc-server-ip LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31276 DF PROTO=TCP SPT=1612 DPT=5801 WINDOW=65535 RES=0x00 SYN URGP=0

I guess I must just be missing something. If anyone has a suggestion, I'd love to hear it.

--Brad
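Added example, not part of Brad's post: a small Python parser for the two LOG entries quoted above, pairing them by protocol, source address and source port to report what changed between PREROUTING and FORWARD. The function names are illustrative assumptions, and the sample text is the post's own entries with their placeholders kept.

```python
"""Compare netfilter LOG entries for one connection across hooks."""

# The two entries from the post, placeholders kept as the poster wrote them.
SAMPLE = (
    "From PREROUTING IN=eth0 OUT= MAC=xxxxxxx SRC=vnc-client-ip DST=nat-gw-ip "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=31247 DF PROTO=TCP SPT=1612 DPT=5801 "
    "WINDOW=65535 RES=0x00 SYN URGP=0\n"
    "From FORWARD IN=eth0 OUT=eth0 SRC=vnc-client-ip DST=vnc-server-ip "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=31276 DF PROTO=TCP SPT=1612 DPT=5801 "
    "WINDOW=65535 RES=0x00 SYN URGP=0\n"
)

def parse_log_line(line):
    """Split one LOG line into (prefix, KEY=VALUE fields, bare flags)."""
    prefix, fields, flags = [], {}, []
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val          # "OUT=" yields an empty value
        elif fields:
            flags.append(tok)          # bare tokens after IN=: DF, SYN, ...
        else:
            prefix.append(tok)         # --log-prefix text precedes IN=
    return " ".join(prefix), fields, flags

def trace_dnat(log_text):
    """Group entries per flow and report what differs between first and last hook."""
    flows = {}
    for line in log_text.splitlines():
        if "IN=" not in line:
            continue                   # not a netfilter LOG entry
        prefix, f, _ = parse_log_line(line)
        # DNAT rewrites DST (and possibly DPT), so key only on what it leaves alone.
        key = (f.get("PROTO"), f.get("SRC"), f.get("SPT"))
        flows.setdefault(key, []).append((prefix, f))
    reports = []
    for key, hops in flows.items():
        first, last = hops[0][1], hops[-1][1]
        reports.append({
            "flow": key,
            "hooks": [p for p, _ in hops],
            "dst": (first.get("DST"), last.get("DST")),
            "dst_rewritten": first.get("DST") != last.get("DST"),
            "ttl_drop": int(first.get("TTL", 0)) - int(last.get("TTL", 0)),
            # True when the packet is forwarded out the interface it came in on.
            "same_interface": bool(last.get("OUT")) and last.get("IN") == last.get("OUT"),
        })
    return reports

if __name__ == "__main__":
    for report in trace_dnat(SAMPLE):
        print(report)
```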