
BLU Discuss list archive



Network routing mystery; ssh works, vncviewer doesn't



Sarah McGlinchey <sarahwithanx at gmail.com> wrote:
> If you SSH to a machine on the same subnet, can you telnet to VNC? 
> This will at least tell you if it is an issue with the VNC host or
> your remote connection.
> 
> If there are no firewall rules to force it to do so, OpenVPN is not
> going to treat connections to 5902 any different than 22.  I would
> suggest you verify VNC is accepting outside connections (including
> ones from the OpenVPN subnet).  Otherwise you may want to look at any
> firewall rules in between you and the server.

When I telnet to port 5902 from another machine on the same subnet as 
the remote machine, it connects.

When I telnet to port 5902 from the OpenVPN server, it connects.

The remote machine is the OpenVPN client; it initiates the connection to 
the OpenVPN server on my local end, if that makes any difference. The 
remote Windows XP users I need to support are also clients connecting 
into my local OpenVPN server.

The OpenVPN server uses the tap0 interface in routing mode; its iptables 
rules include the following:

     # Allow OpenVPN traffic on tun and tap interfaces
     -A INPUT -i tun+ -j ACCEPT
     -A INPUT -i tap+ -j ACCEPT
     -A FORWARD -i tun+ -j ACCEPT
     -A FORWARD -i tap+ -j ACCEPT

As I understand it, this should allow all traffic over the tap0 
interface, and not filter any of it. Is this correct?

Hm, there are rules allowing ports 22 and 80 on the server, but none for 
vnc.  I'll try adding one for 5902 and see what happens. I would have 
thought the above rules made those others irrelevant for tap0, but maybe 
I was mistaken.

-- 
John Abreau / Executive Director, Boston Linux & Unix
ICQ 28611923 / AIM abreauj / JABBER jabr at jabber.org / YAHOO abreauj
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9
PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
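
The question above turns on rule order: a chain is evaluated top to bottom and the first terminating match wins, so an interface-wide ACCEPT added with -A only makes port rules irrelevant if nothing above it matches first. The Python sketch below is an added illustration, not part of the original message or the server's configuration; both rule sets, including the catch-all REJECT, are constructed assumptions, and only -A, -i, -p, --dport and -j are modelled.

```python
# Added illustration: first-match evaluation of an iptables-style chain.
FLAGS = {"-A": "chain", "-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Turn one iptables-save style line into a dict of the fields modelled here."""
    tokens = line.split()
    rule = dict.fromkeys(FLAGS.values())
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def iface_matches(pattern, iface):
    """-i semantics: a trailing '+' matches every interface with that prefix."""
    if pattern is None or pattern == iface:
        return True
    return pattern.endswith("+") and iface.startswith(pattern[:-1])

def verdict(ruleset, chain, iface, proto, dport, policy="DROP"):
    """Return the target of the first matching rule, or the chain policy."""
    for line in ruleset.strip().splitlines():
        r = parse_rule(line)
        if (r["chain"] == chain and iface_matches(r["iface"], iface)
                and r["proto"] in (None, proto)
                and r["dport"] in (None, str(dport))):
            return r["target"]  # ACCEPT, REJECT and DROP all end traversal
    return policy

# Constructed: port rules and a catch-all REJECT sit above the appended tap+ rule.
APPENDED_LAST = """
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
"""

# Constructed: the same rules with the interface-wide ACCEPT evaluated first.
ACCEPT_FIRST = """
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT
"""

if __name__ == "__main__":
    for name, rules in (("appended last", APPENDED_LAST), ("accept first", ACCEPT_FIRST)):
        print(name, [(p, verdict(rules, "INPUT", "tap0", "tcp", p)) for p in (22, 5902)])
```

On a live host, the per-rule packet counters from `iptables -L INPUT -v -n --line-numbers` show which rule the traffic is actually hitting.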