
Re: vnc and pf



On Tue, 2004-12-28 at 11:57, Jayel Villamin wrote:
> I have been looking at this tcpdump log for the last hour.
> ------
> 03:26:46.533038 192.168.1.2.1115 > 192.168.2.2.5905: S
> 111902708:111902708(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
> -----
> I have 2 subnets behind my obsd firewall. 192.168.1.0/24 and 192.168.2.0/24.
> 
> As can be seen in the log, I'm trying to connect (via VNC) from
> 192.168.1.2 to 192.168.2.2. But every time I try it, PF blocks the
> connection, which is correct because the first packet filtering rule is a
> "block log all".
> 
> I have tried numerous rule combos without much luck. I am not an expert
> with tcp internals so I would really, really appreciate it if you could write
> the rule for me. Thanks :)

have you looked through:

  http://www.openbsd.org/faq/pf/index.html

and also:  man 5 pf.conf

in the spirit of the season:

  pass inet proto tcp from 192.168.1.2 to 192.168.2.2 port = 5905 \
    flags S/SA keep state

-j

--
"Oh, so they have internet on computers now!"
	--The Simpsons
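
An added example, not part of the original messages: a small Python model of how the `flags S/SA keep state` rule above treats the logged SYN and the server's answer. The dictionary form of the rule, the function names and the SYN-ACK line are constructed for illustration; the model checks only addresses, port and flags, and stands in for `keep state` with a reversed-tuple check.

```python
import re

# TCP flag letters as written in pf.conf, mapped to TCP header bits.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10}

def bits(letters):
    return sum(FLAG_BITS[c] for c in set(letters))

def flags_match(spec, pkt_flags):
    """pf 'flags a/b': look only at the flags in b; exactly those in a must be set."""
    want, mask = spec.split("/")
    return bits(pkt_flags) & bits(mask) == bits(want)

# Old-style tcpdump output: "time src.sport > dst.dport: FLAGS ... [ack N] ..."
LINE = re.compile(r"^\S+ ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): ([SFPR.]+)")

def parse(line):
    src, sport, dst, dport, flags = LINE.match(line).groups()
    flags = flags.replace(".", "")        # "." means none of S/F/P/R
    if re.search(r" ack \d+", line):      # tcpdump prints ACK as "ack N"
        flags += "A"
    return {"src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "flags": flags}

# The pass rule from the reply, expressed as data (hypothetical representation).
RULE = {"src": "192.168.1.2", "dst": "192.168.2.2", "dport": 5905, "flags": "S/SA"}

def rule_matches(rule, pkt):
    return (pkt["src"] == rule["src"] and pkt["dst"] == rule["dst"]
            and pkt["dport"] == rule["dport"]
            and flags_match(rule["flags"], pkt["flags"]))

def is_reply_of(first, pkt):
    """Crude stand-in for 'keep state': same connection, opposite direction."""
    return ((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]) ==
            (first["dst"], first["dport"], first["src"], first["sport"]))

# The packet from the tcpdump log in the question, joined onto one line.
LOGGED = ("03:26:46.533038 192.168.1.2.1115 > 192.168.2.2.5905: S "
          "111902708:111902708(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)")
# Constructed for illustration: the SYN-ACK the VNC server would send back.
SYNACK = ("03:26:46.533900 192.168.2.2.5905 > 192.168.1.2.1115: S "
          "500:500(0) ack 111902709 win 65535 (DF)")

if __name__ == "__main__":
    syn, synack = parse(LOGGED), parse(SYNACK)
    print("SYN matches pass rule:    ", rule_matches(RULE, syn))
    print("SYN-ACK matches pass rule:", rule_matches(RULE, synack))
    print("SYN-ACK covered by state: ", is_reply_of(syn, synack))
```

The SYN-ACK does not match the pass rule itself, so under a leading `block log all` the return traffic gets through only because of the state created by the initial SYN.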


