[7.490][QUESTION][OPEN] Config for VNC used on 7.405 doesn't work on 7.490 -> IPS error

Hello
I imported my configfile from the 7.405.

It hast an packetfilter allowance for an incoming VNC connection.
There is also an DNAT rule.

Masquerading is also enabled.

The connection seems to be dropped by the IPS

IPS: Top blocked attacks
Details
Total attacks blocked: 19
Rule ID Rule Description Rule group Packets % of total
1 560 POLICY VNC server response OS / Other 19 100.00

What needs to be done to connect to the internal VNC server?

greetz chaser

Parents

0 BAlfson over 16 years ago

Depends on how secure you want to be. You could disable the rule under the 'Advanced' tab, you could create an exception for the destination or for the source.

Our standard is to not use a DNAT for this, but to use one of the VPNs included with the Astaro.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Billybob over 16 years ago in reply to BAlfson

I second that. A security appliance is as secure as the administrator running it. You open holes for vnc and x11 desktop and so forth and sooner or later someone is going to crack that password.
Use VPN for everything whenever possible and you don't need dnat for anything besides publishing owa (webserver etc) or xbox[:P]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Billybob over 16 years ago in reply to BAlfson

I second that. A security appliance is as secure as the administrator running it. You open holes for vnc and x11 desktop and so forth and sooner or later someone is going to crack that password.
Use VPN for everything whenever possible and you don't need dnat for anything besides publishing owa (webserver etc) or xbox[:P]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data