Restricting Port access

mdraja · Mar 22, 2004

Hi
I would like to restrict users to only using SSH (port 22) to connect to VNC (port 5901). How can I prevent users logging in directly to port 5901 and force them to go through ssh?

Any help greatly appreciated

mdraja · Mar 22, 2004

Sorry forgot to mention that I cannot block this port on the firewall.

thedaver · Mar 22, 2004

Put up a local firewall on the VNC server so that external access to the port is disallowed, but local access is allowed.

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.

http://www.surfinbox.com/business/

mdraja · Mar 22, 2004

Any suggestions on websites/documents where help is provided in setting this up?

bcastner · Mar 22, 2004

There are several ways to do this, depending on your OS version.

One way that works quite well under Windows 2000/XP/Windows 2003 is using IPSEC settings:

http://www.petri.co.il/block_web_browsing_with_ipsec.htm

thedaver · Mar 22, 2004

OK, bcastner threw out "tunneling", so I will advocate

OpenVPN

http://openvpn.sf.net/

For the firewall itself, use Jay's Firewall

http://firewall-jay.sf.net/

They're both easy, friendly, and super functional.

Full disclosure: I use them, but am not affiliated with them or their developers.

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.

http://www.surfinbox.com/business/

mdraja · Mar 23, 2004

only problem is that the server where VNC sits is on an AIX box and not Windows. Unfortunately, IPSec is not filtering as I would like.. any other ideas

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Restricting Port access

mdraja

Programmer

mdraja

Programmer

thedaver

IS-IT--Management

mdraja

Programmer

bcastner

IS-IT--Management

thedaver

IS-IT--Management

mdraja

Programmer

Similar threads

Part and Inventory Search

Sponsor