Help with VNC and NAT error @357



  • I can't seem to get NAT working for VNC; every time I try to connect I get the following:

    @357 block drop in log quick all label "Default block all just to be sure."

    Apr 4 08:11:15 NG0 xxxxxxxxxx:55757 xxxxxxxxxxx:6666

    In NAT, external port 6666 is forwarded to a local IP, 192.168.0.7:5900.

    Why does it block it? I can't seem to find this rule anywhere. Is it something to do with snort (which is installed)?

    Thanks for your help!



  • Not the answer you're looking for, but it's really a bad idea to use VNC alone.

    It's a security issue of tragic proportions; even the VNC creators advise against using it over the internet or other unsecured networks unless via an encrypted tunnel. It wasn't designed to be secure.

    If you want to use VNC remotely, your best bet is to do it over SSH, which is designed to provide secure and encrypted remote connectivity to your system.

    So if you're using Windows, make an SSH tunnel with freesshd and putty.
    There is some help / tips in this Mac guide: http://howto.diveintomark.org/remote-mac/



  • Are you sure your NAT and the corresponding firewall rule are correct? You need a firewall rule on top of your NAT or it won't work (though it will be auto-created unless you untick the box when creating the port forward). Just in case: if you added the port forward from 5900 to 5900 when you created it and changed it to that other port later by editing it, the auto-created firewall rule won't be changed automatically. You will have to change that manually as well. The rule that triggers your block is the invisible default block-all rule present on each interface, as everything that is not explicitly allowed will be blocked.

