[ previous ] [ next ] [ threads ]
 From:  "Aaron Cherman" <aaronc at morad dot ab dot ca>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] I am having a time getting m0n0wall to pass vnc to the nat side
 Date:  Sun, 4 Feb 2007 19:06:13 -0700
> >I am having a time trying to get m0n0wall to pass vnc traffic to
>> 5900 I can sit on the lan side on a switch and log in if
>> I am set to
>> But I can not come in through the wan interface ip 
>> can some one help me with the config. I have to have it done tonight so I
>> can get into my computer here at the house.
> Pretty easy to set up - I have a number of these coming into our network.
> First, you need to set up an Inbound NAT entry.  You will use the TCP 
> protocol and set the "External port range" to 5900 (from and to).  The NAT 
> IP will be your inside host -  Local port will also be 5900. 
> Then you need to add a firewall rule to allow traffic in - the easy way to 
> do this is check the box at the bottom of the page where you create the 
> Inbound NAT entry - "Auto-add a firewall rule to permit traffic through 
> this NAT rule".  This will add a firewall rule that will allow traffic 
> into the WAN interface that is destined for your local host (inside IP).

Forgot to mention - you may have to set the external port range (in the NAT 
entry and the firewall rule) to any if a remote firewall/router does any 
outbound port-mapping (ie. chooses random port number for source ports).

AND, you will not be able to test this while using this m0n0wall as a 
router.  See this FAQ...