Problems setting up TigerVNC and firewall
Solution 1
The "1:user" tells the vnc server that the username user is map to display 1, so the port number to access this user via vnc is 5901.
Note: "By default, VNC uses ports numbered 5900 plus the display number. In this example, the display is 1, so the port number is 5901.
Solution 2
I think there are two problems. One problem is that your firewall rules are wrong. It doesn't explain the service vncserver start [failed]
though, so you probably have another problem there. Do post the bla bla
.
Look at the INPUT
chain in the iptables
rules: they're processed in order, so when you try to open a connection on port 5900, the kernel goes: hmm, not RELATED or ESTABLISHED, not icmp, not loopback, not to port 22, aha that REJECT rule matches, end of story. You need to add the rule for port 5900 before the REJECT rule (just after the existing rule for port 22).
That's assuming you do want to open the VNC port, which means that everything including your VNC password will be travelling in cleartext on your LAN. If that's a problem, you could tunnel VNC over SSH (I have no idea how do set it up on the Windows side).
Related videos on Youtube
Comments
-
Jason94 over 1 year
I have a box running a fresh install of Fedora 15. I've installed TigerVNC server on it and client on my Windows machine.
I've added
-A INPUT -m state --state NET -m tcp -p tcp --dport 5900 -j ACCEPT
to/etc/sysconfig/iptables
then, added to
/etc/sysconfig/vncservers
: VNCSERVER="1:UNAME" VNCSERVERARGS[1]="-geometry 1024x768"then I try to start the server, but I get
job failed. See bla bla for details
((mentions some files i have no idea to find))What am I doing wrong?
-thanks!
iptables -nvL:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 173 12044 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 1518 85858 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5900 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 1613 packets, 146K bytes) pkts bytes target prot opt in out source destination``
systemctl:
vncserver.service loaded failed failed LSB: start|stop|restart|try-restart|status|force-reload vncserver
-
Gilles 'SO- stop being evil' almost 13 yearsWhat are your firewall settings then? (
iptables -nvL
) And copy-paste the full error messages. -
Jason94 almost 13 yearsi've posted it :D
-
-
Jason94 almost 13 years[root@SERVER UNAME]# service vncserver start Starting vncserver (via systemctl): Job failed. See system logs and 'systemctl status' for details. [FAILED]
-
Jason94 almost 13 yearsafter fixing the chain i now get connection refused (got timed out). but the vnc server is not up as u see from the error above
-
Gilles 'SO- stop being evil' almost 13 years@Jason94: Add the output of
systemctl status vncserver
to your question. Also go and look at files in/var/log
: check the time, runservice vncserver start
, and post all log lines that appeared while the command was running. -
Jason94 almost 13 yearssystemctl is added, ill do the /var/log thingy now
-
Jason94 almost 13 yearscould not find anything related to svn in /var/log
-
Gilles 'SO- stop being evil' almost 13 years@Jason94: Post everything from around the time you ran
service vncserver start
.