Absent Member.

VNC with single public IP and multiple servers

Have three SLES10 / OES2 servers behind firewall with single public IP. Would like to VNC to each from outside.

is there a way to NAT to different VNC ports on each server? for example, server1 listens on 5901, server2 on 5902 and so on. (or whatever port is appropriate).

have tried changing ports in etc/xinetd.d/vnc file and NATing each port to each server, but not sure if correct or if that's even the right way, as maybe the second 'instance' to each server is already 5902.

tx
Knowledge Partner

Hi.

On 26.03.2014 04:36, bertschj wrote:
>
> Have three SLES10 / OES2 servers behind firewall with single public IP.
> Would like to VNC to each from outside.
>
> is there a way to NAT to different VNC ports on each server? for
> example, server1 listens on 5901, server2 on 5902 and so on. (or
> whatever port is appropriate).
>
> have tried changing ports in etc/xinetd.d/vnc file and NATing each port
> to each server, but not sure if correct or if that's even the right way,
> as maybe the second 'instance' to each server is already 5902.


You're looking at the wrong spot here. That sure works, but you don't
need to do a thing on the SLES servers, but on the firewall. You need to
port forward three individual ports of your choosing to the VNC port on
the three servers. The VNC port on the servers itself can stay the same,
they don't have to match the port on the firewall that's forwarded.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
Absent Member.

Thanks Massimo

But if I only have 1 public IP, how can I get to server2 (or 3) by just forwarding the port/server within FW? Meaning, how will it know to go to the port I specify in port forward?

I can add the port to end of VNC xxx.xxx.xxx.xxx:5902, but then wouldn't I need to also have that port listen exclusively on the server I'm trying to get to?

I kinda get what you're saying but.... : )



Knowledge Partner

On Wed, 26 Mar 2014 20:26:01 GMT, bertschj
<bertschj@no-mx.forums.novell.com> wrote:

>
>Thanks Massimo
>
>But if I only have 1 public IP, how can I get to server2 (or 3) by just
>forwarding the port/server within FW? Meaning, how will it know to go
>to the port I specify in port forward?
>
>I can add the port to end of VNC xxx.xxx.xxx.xxx:5902, but then wouldn't
>I need to also have that port listen exclusively on the server I'm
>trying to get to?
>
>I kinda get what you're saying but.... : )


You need to create multiple rules on your firewall like this:

public_ip:5901 maps to private_ip_1:5901
public_ip:5902 maps to private_ip_2:5901
public_ip:5903 maps to private_ip_3:5901
public_ip:5904 maps to private_ip_4:5901

So the servers use different IP addresses and the same port, but the
firewall uses one ip and multiple ports.

Ken
--
Ken
Knowledge Partner

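The mapping Ken describes, written as rule generation for a Linux iptables firewall (an added example, not part of the original posts; the thread does not say which firewall is in use). The addresses, the `ADMIN_NET` source restriction and the function names are assumptions, and the script only prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example: emit iptables DNAT rules for the mapping in Ken's post.
# All addresses are constructed placeholders (RFC 5737 / RFC 1918 ranges).
PUBLIC_IP="203.0.113.10"      # assumed single public IP on the firewall
ADMIN_NET="198.51.100.0/24"   # assumed network allowed to reach VNC
# public_port:private_ip:private_port, one entry per server
MAPPINGS="5901:10.0.0.11:5901
5902:10.0.0.12:5901
5903:10.0.0.13:5901"

# Print one DNAT rule and one FORWARD accept rule per mapping.
# Returns 1 if a port is empty or non-numeric, or a public port is reused.
gen_vnc_rules() {
    seen=""
    for m in $1; do
        pub=${m%%:*}; rest=${m#*:}
        ip=${rest%%:*}; priv=${rest#*:}
        case "$pub:$priv" in
            *[!0-9:]*|:*|*:) echo "bad port in: $m" >&2; return 1 ;;
        esac
        # Two servers cannot share one public port on a single public IP.
        case " $seen " in
            *" $pub "*) echo "duplicate public port: $pub" >&2; return 1 ;;
        esac
        seen="$seen $pub"
        echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -s $ADMIN_NET -p tcp --dport $pub -j DNAT --to-destination $ip:$priv"
        # After DNAT the packet carries the private address and port.
        echo "iptables -A FORWARD -d $ip -s $ADMIN_NET -p tcp --dport $priv -j ACCEPT"
    done
}

# Print "private_ip:port" of the server behind a given public port.
lookup_backend() {
    for m in $MAPPINGS; do
        [ "${m%%:*}" = "$1" ] && { echo "${m#*:}"; return 0; }
    done
    return 1
}

gen_vnc_rules "$MAPPINGS"
```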
Absent Member.

ahhh - OK. get it

so when connecting from VNC, I just use xxx.xxx...:5901 for server1, xxx.xxx...:5902 for server2, etc?

thanks all for the help
