vnc on tunnel does not work after firewall is rerun


Here's my setup:

   (A) --ssh -L--> (B) --ssh -L--> (C) --ssh -L--> (D)

An ssh tunnel from A through to D is opened, port forwarding all the way
to the VNC server. A can then open a VNC viewer on localhost:port.

Now recently, I tweaked my firewall. I did not beef up the security in
any way other than restricting access to a smaller number of hosts on the
internet. As soon as I run my firewall script, the VNC setup above stops
working. I really can't make head or tail of what's happening. The
error I get is something like "channel 2/4: open failed:
administratively prohibited".

I have done some searching around on this group and elsewhere, and people
with similar problems (esp. that error message) seem not to have clearly
written how they resolved it. I did some debugging myself, and here is
what I got.

A port scan of A, B and D gives a result something like this:

Interesting ports on localhost (
(The 1597 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
5801/tcp   open        vnc-http-1
5901/tcp   open        vnc-1
6001/tcp   open        X11:1

But C does not give anything related to VNC or X11. I haven't checked
a port scan from when VNC was actually working, but I believe C is somehow
preventing the 59xx and 6xxx ports from opening, although I don't seem
to have done anything specific to accomplish that feat. Now how can I
reverse this? My guess is I have to add something to the firewall script
(which is a normal rc.firewall on an RH 7.3).

Any help appreciated.

Research Assistant (Software Engineering)
University of Nebraska - Lincoln
Fingerprint: 0148 002F 3E97 C404  965E 4ACC EFC1 A650
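The chained "ssh -L" setup described in the post above, written out as an added example (editor's code, not the poster's), together with the two checks a practitioner would run on the "open failed: administratively prohibited" message. Host names A/B/C/D, the user names userB/userC/userD and display :1 are placeholder assumptions; the sshd_config lines fed to the check are constructed samples.

```bash
#!/usr/bin/env bash
# Added example, not from the post: the A -> B -> C -> D chain of "ssh -L"
# hops that carries VNC display :N on D back to A, plus two checks for the
# "channel N: open failed: administratively prohibited" error.
# Host names, user names and the display number are placeholders (assumed).

# TCP ports used by VNC display :N (Xvnc convention): 5900+N for the RFB
# protocol, 5800+N for the HTTP/Java viewer, 6000+N for the X server.
# The scan in the post (5901, 5801, 6001) is display :1.
vnc_port()  { echo $((5900 + $1)); }
http_port() { echo $((5800 + $1)); }
x_port()    { echo $((6000 + $1)); }

# One hop: listen on local port $1 and have the sshd on $4 connect to
# $2:$3 (as seen from $4) on our behalf. -N: no remote command, only the
# forward.
hop_cmd() {
  printf 'ssh -N -L %s:%s:%s %s' "$1" "$2" "$3" "$4"
}

# The whole chain for display :$1 on D. Every hop forwards the local VNC
# port to the same port on the next machine, where the next "ssh -L" is
# listening; the last hop lands on D's own VNC server. Run line 1 on A,
# line 2 on B, line 3 on C, then point the viewer on A at localhost:port.
chain_cmds() {
  local p
  p=$(vnc_port "$1")
  hop_cmd "$p" localhost "$p" userB@B; echo   # run on A
  hop_cmd "$p" localhost "$p" userC@C; echo   # run on B
  hop_cmd "$p" localhost "$p" userD@D; echo   # run on C; localhost here = D
}

# Check 1: read the client-side error precisely.
#   "administratively prohibited" is the reply of the sshd that was asked
#   to open the forward: it refused the request before attempting any
#   connection, so a packet filter on the target port cannot produce it.
#   "connect failed: ..." means that sshd did try to connect and the target
#   port was closed or filtered; that is the message a firewall change
#   would cause.
diagnose_open_failed() {
  case "$1" in
    *"administratively prohibited"*) echo sshd-refused ;;
    *"connect failed"*)              echo target-unreachable ;;
    *)                               echo unknown ;;
  esac
}

# Check 2: does the sshd_config on stdin allow a local (-L) forward?
# sshd takes the first uncommented occurrence of a keyword; the default
# is "yes". "remote" permits only -R forwards, so it blocks this chain too.
# Returns 0 if -L forwards are allowed, 1 if they are refused.
forwarding_allowed() {
  local v
  v=$(awk 'tolower($1)=="allowtcpforwarding" {print tolower($2); exit}')
  case "${v:-yes}" in
    yes|all|local) return 0 ;;
    *)             return 1 ;;
  esac
}

# Apply check 2 on the sshd side of the hop that refused the channel,
# i.e. the next machine along the chain, for instance:
#   ssh userC@C 'cat /etc/ssh/sshd_config' | forwarding_allowed && echo ok
case "${1:-}" in
  demo) chain_cmds "${2:-1}" ;;
esac
```

Usage: `bash chain.sh demo 1` prints the three hop commands for display :1. The config check only covers AllowTcpForwarding; on newer OpenSSH a PermitOpen directive that does not list the target, or a `no-port-forwarding` / `restrict` option on the key in authorized_keys, makes sshd answer with the same "administratively prohibited" reply, so look at those on the refusing hop as well.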
