
How to configure CentOS server firewall to allow incoming VNC connections?

This solution applies to CentOS 4, 5, and 6.

By default, a VNC server (Xvnc) running on display x listens on three TCP ports: 5800+x, 5900+x and 6000+x, where x is the display number and numbering starts at zero.

A VNC server on display 0 therefore listens on TCP ports 5800, 5900 and 6000; display 2 on 5802, 5902 and 6002; display 18 on 5818, 5918 and 6018; and so on.

Each of the three ports serves a different purpose:

5800+x - HTTP port. Serves the Java-based vncviewer applet to a web browser that connects to http://server:5800+x. Only needed if users view the desktop from a browser.

5900+x - VNC (RFB) port. The VNC protocol itself runs over this port; this is the port a normal VNC client connects to.

6000+x - X server port. Xvnc is itself an X server, and X clients reach display :x through this port. VNC clients never use it, so open it only if remote X applications must connect to the display directly.

Note that classic VNC authentication and the session itself are not encrypted, so restrict these ports to trusted subnets (see below) or tunnel the connection over SSH rather than exposing them to the whole network.

For example, suppose two VNC servers are configured in /etc/sysconfig/vncservers:

VNCSERVERS="1:user1 2:user2"

user1's server on display 1 then listens on 5801, 5901 and 6001, and user2's server on display 2 listens on 5802, 5902 and 6002.

To check which ports a running vncserver actually uses, run netstat -nalpt | grep vnc. The output below shows a single Xvnc process (PID 5933) on display 18, listening on 5818, 5918 and 6018; the last line is the IPv6 listener for 6018:

# netstat -nalpt | grep vnc
tcp   0   0 0.0.0.0:6018   0.0.0.0:*   LISTEN   5933/Xvnc
tcp   0   0 0.0.0.0:5818   0.0.0.0:*   LISTEN   5933/Xvnc
tcp   0   0 0.0.0.0:5918   0.0.0.0:*   LISTEN   5933/Xvnc
tcp   0   0 :::6018        :::*        LISTEN   5933/Xvnc

Alternatively, lsof -i | grep vnc lists the same listeners together with the user that owns the process:

# lsof -i | grep vnc
Xvnc   5933   sky   0u   IPv6   182215   TCP *:6018 (LISTEN)
Xvnc   5933   sky   1u   IPv4   182216   TCP *:6018 (LISTEN)
Xvnc   5933   sky   4u   IPv4   182221   TCP *:5918 (LISTEN)
Xvnc   5933   sky   5u   IPv4   182222   TCP *:5818 (LISTEN)

To let clients connect to the server on display 18, open TCP ports 5818, 5918 and 6018 (only 5918 is required if neither the browser viewer nor remote X clients are used). Both tools below must be run as root:

# on CentOS 6
# system-config-firewall

# on CentOS 5 and older
# system-config-securitylevel

Under "Other ports", add TCP ports 5818, 5918 and 6018, then apply the change and close the tool.

Alternatively, run the following iptables commands to accept incoming VNC connections from any host. -I inserts each rule at the top of the INPUT chain, ahead of the chain's existing REJECT rule:

# iptables -I INPUT -p tcp --dport 5818 -j ACCEPT
# iptables -I INPUT -p tcp --dport 5918 -j ACCEPT
# iptables -I INPUT -p tcp --dport 6018 -j ACCEPT

To allow only one subnet to reach the server, insert a REJECT for the port first and then the ACCEPT for the subnet. Because both commands use -I, the ACCEPT inserted second ends up above the REJECT and is matched first; running them in the opposite order leaves the REJECT on top and blocks the subnet as well. Replace SUBNET_ID/CIDR with the client network (for example 192.168.1.0/24) and <VNC_PORT> with the port (for example 5918), and repeat for each port you need:

# iptables -I INPUT -p tcp -m tcp --dport <VNC_PORT> -j REJECT
# iptables -I INPUT -p tcp -m tcp -s SUBNET_ID/CIDR --dport <VNC_PORT> -j ACCEPT

Save the rules so they survive a reboot, then restart the firewall:

# service iptables save
# service iptables restart

Use iptables -L to confirm the rules are in place. Rules added through the graphical tool also carry a state NEW match, as in this listing:

ACCEPT   tcp  --  anywhere   anywhere   state NEW tcp dpt:5818
ACCEPT   tcp  --  anywhere   anywhere   state NEW tcp dpt:5918
ACCEPT   tcp  --  anywhere   anywhere   state NEW tcp dpt:6018

Also make sure that any network firewall between the clients and the server allows the same ports.
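The port arithmetic and the subnet-restricted rules above, as an added example that is not part of the original article: a POSIX shell script that derives the three ports for a display, recovers display numbers from netstat output (including IPv6 listeners), and prints the two iptables commands in the order that leaves the subnet ACCEPT above the REJECT. The netstat lines embedded in it are constructed from the sample above, the management subnet 192.168.10.0/24 is an assumption, and the iptables commands are printed rather than executed so they can be reviewed before use.

```shell
#!/bin/sh
# Added example, not from the original article. Derives VNC listener ports,
# finds displays in netstat output, and prints subnet-restricted iptables
# rules. Nothing here touches the firewall: the commands are only printed.

# Print the three listener ports for display number $1: 5800+x 5900+x 6000+x
# (Java viewer, VNC/RFB, X server).
vnc_ports() {
    x=$1
    echo "$((5800 + x)) $((5900 + x)) $((6000 + x))"
}

# Print only the VNC (RFB) port for display $1, the one VNC clients use.
vnc_rfb_port() {
    echo "$((5900 + $1))"
}

# Read `netstat -nalpt` output on stdin and print, one per line, the display
# numbers of every Xvnc process listening on an RFB port (5900-5999).
# Handles both IPv4 ("0.0.0.0:5918") and IPv6 (":::5918") local addresses
# by taking the last colon-separated field of the local address column.
vnc_displays() {
    awk '/LISTEN/ && /Xvnc/ {
            n = split($4, a, ":"); port = a[n] + 0
            if (port >= 5900 && port < 6000) seen[port - 5900] = 1
         }
         END { for (d in seen) print d }' | sort -n
}

# Print iptables commands that let subnet $2 reach the RFB port of display $1
# and reject everyone else. Both rules use -I, which inserts at the top of the
# chain, so the REJECT is emitted first and the subnet ACCEPT lands above it.
# Running them the other way round would leave the REJECT on top and block
# the subnet as well.
vnc_rules() {
    x=$1; subnet=$2
    rfb=$(vnc_rfb_port "$x")
    printf 'iptables -I INPUT -p tcp -m tcp --dport %s -j REJECT\n' "$rfb"
    printf 'iptables -I INPUT -p tcp -m tcp -s %s --dport %s -j ACCEPT\n' "$subnet" "$rfb"
}

# Constructed sample, modelled on the netstat output in the article: one Xvnc
# on display 18, a second on display 1, and an unrelated sshd listener.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:6018 0.0.0.0:* LISTEN 5933/Xvnc
tcp 0 0 0.0.0.0:5818 0.0.0.0:* LISTEN 5933/Xvnc
tcp 0 0 0.0.0.0:5918 0.0.0.0:* LISTEN 5933/Xvnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 6120/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1201/sshd
tcp 0 0 :::6018 :::* LISTEN 5933/Xvnc'

# Demo: list the displays found in the sample and print rules for each,
# restricted to an assumed management subnet.
MGMT_SUBNET=192.168.10.0/24
for d in $(printf '%s\n' "$SAMPLE_NETSTAT" | vnc_displays); do
    echo "# display :$d listens on ports $(vnc_ports "$d")"
    vnc_rules "$d" "$MGMT_SUBNET"
done
echo "# then persist the rules: service iptables save"
```

To apply the printed rules on a real host, pipe live output instead of the sample (netstat -nalpt | vnc_displays) and run the generated commands as root; the script deliberately restricts only the RFB port, so add the 5800+x and 6000+x ports only if the browser viewer or remote X clients are actually needed.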
