* * * * Good Morning to all * * * * This is what I need to do but I dont know how to excatly do it maybe you guys can help me out What I want to do is setup a 2 different networks .. PC #A DCHP -------------- 192.168.22.25 |This pc is on a different network running DHCP. 255.255.255.0 |This pc is a workstation with VNC running so 192.168.22.1 |I connet to my workstartion behind the linux box. -------------- | | | | ================== | | |--------------- | 192.168.22.38 |This is my linux box running samba as a PDC | 255.255.255.0 |I want PC # A to come through here tousing VNC. | 192.168.22.1 |to get access on to this network. --------------- | | | HUB | | | PC # Workstation|This PC is Running W2K with VNC _________ 192.168.22.10 |I want PC #A to be able to connect to this W2K. 255.255.255.0 | 192.168.22.1 | PC # W2K=PDC |THis is my PDC on this end running advance also 192.168.22.11 |running VNC. 255.255.255.0 | 192.168.22.1 | PC # W2K=EXC |THis is my EXchange server running VNC. 192.168.22.12 | 255.255.255.0 | 192.168.22.1 | What would be the best way to make this happen. I just want PC #A to able to pass through the linux box using VNC so I can hit the otherside of the network but I want linux to validate Machine ID and IP in order to gain access. I know if I can get to PC # Workstations I can do the rest. Please I will take any ideas... Thankz again.... Junior.

I am not going to analyze this in detail right now but.. If all you want is some form of ip address based auth(even userid is possible) then iptables running on your linux (samba pdc) box can do exactly what you need. You will need to arrange for filtering of all vnc listening ports from any address, then INSERT a rule for the linux pdc, and dnat and forward packets only from your remote station address connecting from the linux pdc, with optional uid match. Hint: VNC at one time had two sets of listening ports, one that had a java interface and the other the core vnc. You would need to make allowances for this in your filter rules if this is the case. man iptables

my. that is an interesting setup hmmm are you just using SAMBA on the linux boxes as a pipeline from PC to PC box? how about running sshd on linux box, but export your X server over ssh -> this way you could use the .sshrc files to snd ssh.conf for allow, deny etc... and you could only allow connections from the PCs around you (you would need SecureCRT for the PCs to Connect) since vnc is a fancy X server, I wonder if it can be xported with Xhosts ? anyway, it would look like this: ssh from 25 to 38 vncviewer from 1 to 10 ? what do you thinK?