Re: vnc port though firewall Re: VNC: vncviewer no route to host on same lan


 



On Mon, 28.03.2005 at 3:15, Neil Dugan wrote:

> > Thanks - that was it. I added:
> > 
> > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
> > 
> > to /etc/sysconfig/iptables and the Sun is shining once again.
> > 
> I am doing the same thing but I used a different command to open the
> port through the firewall.
> -A RH-Firewall-1-INPUT -p tcp --dport 5901 -j ACCEPT
> 
> As this is different from above could there be any problem using this?
> 
> Regards Neil

The difference between yours and Richard's iptables rule is that he
uses the "state" of the connection to decide about the acceptance. You
omit that part. As the default iptables rules of the Fedora Core
firewall setup have a rule which allows all incoming connections in
state ESTABLISHED and RELATED, the "--state NEW" command is not really
necessary, although it can make the structure of the iptables rules
clearer.

If still in doubt, Neil, feel free to ask again, as understanding the
rules you use is elementary for securing your system's services.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.770_FC2smp 
Serendipity 14:05:49 up 11 days, 11:02, load average: 0.53, 0.56, 0.49 

Attachment: signature.asc
Description: This is a digitally signed message part
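
The comparison discussed in this thread, as an added example that is not part of the original messages: a small first-match model of the chain that evaluates both port 5901 rules against each conntrack state. The chain tail (a final REJECT), the simplified rule parser and the packets are assumptions constructed for illustration; the only state where the two rules differ is INVALID.

```python
import shlex

# Rule the reply says the Fedora Core default setup already contains.
ESTABLISHED = "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
# Assumed chain tail (not shown in the thread): reject whatever nothing accepted.
TAIL = "-A RH-Firewall-1-INPUT -j REJECT"
# The two rules compared in the thread.
WITH_STATE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT"
WITHOUT_STATE = "-A RH-Firewall-1-INPUT -p tcp --dport 5901 -j ACCEPT"


def parse_rule(line):
    """Extract only the matches used in this thread: -p, --dport, --state, -j."""
    tok = shlex.split(line)
    opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
    states = opt("--state")
    return {
        "proto": opt("-p"),
        "dport": int(opt("--dport")) if opt("--dport") else None,
        "states": set(states.split(",")) if states else None,
        "target": opt("-j"),
    }


def verdict(rule_lines, packet):
    """First matching rule wins, as in an iptables chain."""
    for rule in map(parse_rule, rule_lines):
        if rule["proto"] and rule["proto"] != packet["proto"]:
            continue
        if rule["dport"] is not None and rule["dport"] != packet["dport"]:
            continue
        if rule["states"] is not None and packet["state"] not in rule["states"]:
            continue
        return rule["target"]
    return "POLICY"  # fell off the end of the chain


def compare():
    """Map each conntrack state to (verdict with --state NEW, verdict without)."""
    result = {}
    for state in ("NEW", "ESTABLISHED", "RELATED", "INVALID"):
        pkt = {"proto": "tcp", "dport": 5901, "state": state}  # constructed packet
        result[state] = (verdict([ESTABLISHED, WITH_STATE, TAIL], pkt),
                         verdict([ESTABLISHED, WITHOUT_STATE, TAIL], pkt))
    return result


if __name__ == "__main__":
    for state, (a, b) in compare().items():
        print(f"{state:<12} with --state NEW: {a:<7} without: {b}")
```
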

