Netgate Discussion Forum

    Help with VNC and NAT error @357

      matthewm

      I can't seem to get NAT working for VNC; every time I try to connect I get the following:

      @357 block drop in log quick all label "Default block all just to be sure."

      Apr 4 08:11:15 NG0 xxxxxxxxxx:55757 xxxxxxxxxxx:6666

      In NAT, external port 6666 is forwarded to a local IP, 192.168.0.7:5900.

      Why does it block it? I can't seem to find this rule anywhere. Is it something to do with Snort (which is installed)?

      Thanks for your help!

        Perry

        Not the answer you're looking for, but it's really a bad idea to use VNC alone.

        It's a security issue of tragic proportions; even the VNC creators advise against using it over the internet or other unsecured networks unless via an encrypted tunnel. It wasn't designed to be secure.

        If you want to use VNC remotely, your best bet is to do it over ssh, which is designed to provide secure and encrypted remote connectivity to your system.

        So if you're using Windows, make an SSH tunnel with freeSSHd and PuTTY.
        There is some help / tips in this Mac guide: http://howto.diveintomark.org/remote-mac/

        /Perry
        doc.pfsense.org

          hoba

          Are you sure your NAT and the corresponding firewall rule are correct? You need a firewall rule on top of your NAT or it won't work (though it will be autocreated unless you untick the box when creating the port forward). Just in case you added the port forward from 5900 to 5900 when you created it and changed it to that other port later by editing it: the autocreated firewall rule won't be changed automatically. You will have to change that manually as well. The rule that triggers your log is the invisible default block all rule present at each interface, as everything that is not explicitly allowed will be blocked.

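A small check for the mismatch described in the last reply, as an added example that is not part of the original thread: it reads constructed rules in pf syntax and reports any port forward that has no pass rule for its translated destination. It assumes pf applies the redirect before filtering, so the pass rule must name the internal address and port; the interface `em0` and the address 203.0.113.5 are placeholders, and only simple single-port rules are parsed.

```python
import re

# Constructed sample rules in pf syntax. Only 192.168.0.7, ports 6666/5900 and
# the default block rule come from the thread; em0 and 203.0.113.5 are placeholders.
NAT_RULES = """
rdr on em0 proto tcp from any to 203.0.113.5 port 6666 -> 192.168.0.7 port 5900
"""
# Stale pass rule left over from an earlier version of the forward (constructed).
STALE_FILTER = """
pass in quick on em0 proto tcp from any to 192.168.0.7 port 5901 keep state
block drop in log quick all label "Default block all just to be sure."
"""
# Pass rule updated to the forward's current internal target.
FIXED_FILTER = """
pass in quick on em0 proto tcp from any to 192.168.0.7 port 5900 keep state
block drop in log quick all label "Default block all just to be sure."
"""

RDR = re.compile(
    r"^rdr on (\S+) proto (\S+) from any to (\S+) port (\d+) -> (\S+) port (\d+)")
PASS = re.compile(
    r"^pass in (?:quick )?on (\S+) proto (\S+) from any to (\S+) port (\d+)")


def parse(pattern, text):
    """Return the captured fields of every line that matches the pattern."""
    lines = (line.strip() for line in text.strip().splitlines())
    return [m.groups() for m in map(pattern.match, lines) if m]


def unmatched_forwards(nat_text, filter_text):
    """List port forwards that no pass rule covers after translation."""
    passes = set(parse(PASS, filter_text))
    missing = []
    for iface, proto, ext_ip, ext_port, int_ip, int_port in parse(RDR, nat_text):
        # The filter sees the packet after rdr, so compare the internal target.
        if (iface, proto, int_ip, int_port) not in passes:
            missing.append(f"{ext_ip}:{ext_port} -> {int_ip}:{int_port}")
    return missing


if __name__ == "__main__":
    print("stale:", unmatched_forwards(NAT_RULES, STALE_FILTER))
    print("fixed:", unmatched_forwards(NAT_RULES, FIXED_FILTER))
```

A forward listed as unmatched falls through to the default block rule, which is the logged drop shown in the first post.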
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.