On Mon, 17 Feb 2020 09:24:54 +1100 Cameron Simpson wrote:
Just to this part:
For things to which I connect regularly I allocate extra 127.0.0.n
addresses to my local interface. This lets you bind to a specific
address without conflict.
...
Our home server does similar (on a lesser scale) and has this line in
/etc/rc.local:
addif -i lo 127.0.0.2..9
I do something similar on our VNC servers. Mostly like that:
- associate an IP in the 127.0.0.0/8 subnet for each user
- pollute /etc/hosts with "127.a.b.c vnc-LOGIN" entries
- spawn an Xvnc session listening to 127.a.b.c:5900 for each user
  without using the VNC passwd: Xvnc -SecurityTypes None
- protect each session by the firewall with (for each UID/a.b.c):
    iptables -I OUTPUT 1 -j REJECT -p tcp -m state --state NEW -m tcp \
      -d 127.a.b.c/32 -m owner ! --uid-owner UID
Each user of login LOGIN then connects with
    vncviewer -via SERVER vnc-LOGIN
--
francis
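
The per-user setup described in the message above, as an added example that is not part of the original post: a dry-run shell script that prints the /etc/hosts entry and the iptables owner-match rule for each user. The UID-to-address mapping, the function names and the sample logins are assumptions made for this example; the post does not say how its addresses are assigned.

```shell
#!/bin/sh
# Dry run: prints the configuration lines, changes nothing on the system.

# Assumption (not from the post): map a UID to 127.a.b.c by splitting it
# into three bytes. 127.0.0.0, 127.0.0.1 and 127.255.255.255 are excluded.
uid_to_loopback() {
    uid=$1
    case $uid in
        # reject empty, non-numeric, leading zero (octal in $(( ))), 9+ digits
        ''|*[!0-9]*|0*|?????????*) echo "invalid uid: $uid" >&2; return 1 ;;
    esac
    if [ "$uid" -lt 2 ] || [ "$uid" -gt 16777214 ]; then
        echo "uid out of range: $uid" >&2; return 1
    fi
    echo "127.$((uid / 65536)).$((uid / 256 % 256)).$((uid % 256))"
}

# /etc/hosts entry in the "127.a.b.c vnc-LOGIN" form used in the post.
hosts_line() {  # $1 = login, $2 = uid
    case $1 in
        ''|*[!a-z0-9_-]*) echo "unsafe login: $1" >&2; return 1 ;;
    esac
    addr=$(uid_to_loopback "$2") || return 1
    printf '%s vnc-%s\n' "$addr" "$1"
}

# The REJECT rule from the post: only the owning UID may open new TCP
# connections to that user's loopback address.
firewall_rule() {  # $1 = uid
    addr=$(uid_to_loopback "$1") || return 1
    printf 'iptables -I OUTPUT 1 -j REJECT -p tcp -m state --state NEW -m tcp -d %s/32 -m owner ! --uid-owner %s\n' "$addr" "$1"
}

# Read "login:uid" lines on stdin and print both lines for each valid user.
emit_config() {
    while IFS=: read -r login id; do
        hosts_line "$login" "$id" || continue
        firewall_rule "$id"
    done
}

# Constructed sample users, not taken from the post.
emit_config <<'EOF'
alice:1000
bob:70000
EOF
```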