On Mon, 17 Feb 2020 09:24:54 +1100 Cameron Simpson wrote:
> Just to this part:
> For things to which I connect regularly I allocate extra 127.0.0.n
> addresses to my local interface. This lets you bind to a specific
> address without conflict.
...
> Our home server does similar (on a lesser scale) and has this line in
> /etc/rc.local:
> addif -i lo 127.0.0.2..9
I do something similar on our VNC servers. Mostly like that:
- associate an IP in the 127.0.0.0/8 subnet for each user
- polute /etc/hosts with "127.a.b.c vnc-LOGIN" entries
- spawn an Xvnc session listening to 127.a.b.c:5900 for each user
without using the VNC passwd: Xvnc -SecurityTypes None
- protect each session by the firewall with (for each UID/a.b.c):
iptables -I OUTPUT 1 -j REJECT -p tcp -m state --state NEW -m tcp \
-d 127.a.b.c/32 -m owner ! --uid-owner UID
Each user of login LOGIN connect then with
vncviewer -via SERVER vnc-LOGIN
--
francis
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
