Hello,
I am new to Linux sysadmining and am trying to set up a new server. I configured VNC to connect through SSH and that works fine. I then started configuring iptables and found an odd quirk and am looking for help understanding why it is so.
Once I set the OUTPUT chain to default DROP I lost the ability to VNC. I added the rule I thought would take care of it:
iptables -A OUTPUT -m tcp -p tcp --sport 590x -j ACCEPT
I checked and VNC still did not work, so I added:
iptables -A OUTPUT -m tcp -p tcp --dport 590x -j ACCEPT
Once I added that and checked, VNC could connect just fine. I figured I had just used the wrong rule before, so I removed the first rule to keep things tidy. Once I removed it I lost the VNC connection again. I figured it needed both to trigger for some reason (why would be great to know), so I removed the other rule and added this:
iptables -A OUTPUT -m tcp -p tcp --sport 590x --dport 590x -j ACCEPT
Which didn't work either, so can someone explain to me how exactly this is working? Am I not supposed to have both sport and dport on the same rule? Also, how should I tell when it should be sport or dport? For instance, looking at this it doesn't say which direction these are going.
Thanks
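The behaviour described in the post, reproduced in a small simulation of the server's OUTPUT chain with a minimal conntrack model. This is an added example, not code from the original post or from iptables itself. Assumptions (not stated in the post): VNC display :1 on TCP 5901 stands in for "590x"; sshd uses ephemeral port 40000 for its loopback hop to the VNC server; the remote ssh client uses ephemeral port 51000; and an ACCEPT rule for --sport 22 already exists so the SSH session itself survives the DROP policy. The key point the simulation shows is that the sshd-to-VNC hop is loopback, so the VNC server's replies are also outgoing packets of the same host and pass through OUTPUT; one direction needs --dport 5901, the other --sport 5901, and a single rule with both conditions matches neither because sshd's side uses an ephemeral port.

```python
"""Simulate how an iptables OUTPUT chain (policy DROP) sees an SSH-tunnelled
VNC session on the server, using a minimal conntrack model.

Constructed example. Assumptions: VNC display :1 -> TCP 5901 (stands in for
the post's "590x"); sshd uses ephemeral port 40000 for its loopback hop to the
VNC server; the remote ssh client uses ephemeral port 51000; an ACCEPT rule
for --sport 22 already exists so the SSH session itself survives.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

VNC_PORT = 5901
SSHD_LOCAL = 40000
SSH_CLIENT = 51000

Flow = Tuple[int, int]  # (sport, dport); addresses omitted, all peers are fixed


@dataclass(frozen=True)
class Packet:
    label: str
    out_iface: str  # interface the packet leaves on: "lo" or "eth0"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One -p tcp rule in OUTPUT; a None field means 'do not match on it'."""
    target: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    out_iface: Optional[str] = None            # -o <iface>
    ctstate: Optional[FrozenSet[str]] = None   # -m conntrack --ctstate ...

    def matches(self, pkt: Packet, state: str) -> bool:
        return ((self.sport is None or pkt.sport == self.sport)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.out_iface is None or pkt.out_iface == self.out_iface)
                and (self.ctstate is None or state in self.ctstate))


def accept(**fields) -> Rule:
    return Rule("ACCEPT", **fields)


# One tunnelled session as the server's OUTPUT chain sees it. The sshd -> VNC
# hop is loopback, so the VNC server's replies are also *outgoing* packets of
# this host and traverse OUTPUT (then INPUT): both directions hit the chain.
SESSION: List[Packet] = [
    Packet("ssh reply to client", "eth0", 22, SSH_CLIENT),
    Packet("sshd -> vnc SYN", "lo", SSHD_LOCAL, VNC_PORT),
    Packet("vnc -> sshd SYN/ACK", "lo", VNC_PORT, SSHD_LOCAL),
    Packet("sshd -> vnc ACK", "lo", SSHD_LOCAL, VNC_PORT),
    Packet("vnc -> sshd RFB banner", "lo", VNC_PORT, SSHD_LOCAL),
]

# The client's SSH connection was already accepted on INPUT, so conntrack
# knows about it; only OUTPUT is simulated here.
INBOUND_FLOWS: Set[Flow] = {(SSH_CLIENT, 22)}


def conntrack_state(flows: Set[Flow], pkt: Packet) -> str:
    """A packet whose flow, or its reverse, is already confirmed is ESTABLISHED."""
    seen = (pkt.sport, pkt.dport) in flows or (pkt.dport, pkt.sport) in flows
    return "ESTABLISHED" if seen else "NEW"


def first_drop(rules: List[Rule], policy: str = "DROP") -> Optional[str]:
    """Push the session through the chain; return the label of the first
    dropped packet, or None when the whole session gets through."""
    flows = set(INBOUND_FLOWS)
    for pkt in SESSION:
        state = conntrack_state(flows, pkt)
        verdict = next((r.target for r in rules if r.matches(pkt, state)), policy)
        if verdict != "ACCEPT":
            return pkt.label
        flows.add((pkt.sport, pkt.dport))  # conntrack entry confirmed on ACCEPT
    return None


# The post's three attempts, plus the pair of rules that worked.
SPORT_ONLY = [accept(sport=22), accept(sport=VNC_PORT)]
DPORT_ONLY = [accept(sport=22), accept(dport=VNC_PORT)]
BOTH_ON_ONE_RULE = [accept(sport=22), accept(sport=VNC_PORT, dport=VNC_PORT)]
TWO_RULES = [accept(sport=22), accept(sport=VNC_PORT), accept(dport=VNC_PORT)]
# Stateful form: trust loopback, allow replies to already-accepted connections,
# and let the DROP policy stop anything the host tries to initiate on its own.
STATEFUL = [accept(out_iface="lo"),
            accept(ctstate=frozenset({"ESTABLISHED", "RELATED"}))]

if __name__ == "__main__":
    for name, rules in [("--sport only", SPORT_ONLY), ("--dport only", DPORT_ONLY),
                        ("--sport+--dport one rule", BOTH_ON_ONE_RULE),
                        ("two rules", TWO_RULES), ("stateful", STATEFUL)]:
        print(f"{name:26s} first drop: {first_drop(rules) or 'none, VNC works'}")
```

Reading the result: --sport and --dport always describe the packet currently being examined, so in OUTPUT the source port is the local side. With only --sport 5901, sshd's connection attempt (local ephemeral port, destination 5901) is dropped; with only --dport 5901, the VNC server's SYN/ACK (source 5901, destination ephemeral) is dropped; with both conditions on one rule no packet of the session satisfies them at once. The two-rule set works, but the stateful set is what most administrators use instead, in real iptables syntax: "iptables -A OUTPUT -o lo -j ACCEPT" and "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT". Those two rules cover the SSH replies and the loopback VNC hop without enumerating ports, while the DROP policy still blocks new connections the server itself initiates.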