[NZLUG] VNC server/viewer setup help required

Cliff Pratt enkidu at cliffp.com
Fri Jul 15 11:21:10 NZST 2016


On 14/07/16 20:20, Patrick Connolly wrote:
> Somewhere about Wed, 13-Jul-2016 at 04:34PM +1200 (give or take),
> Martin D Kealey wrote:
>
> |>
> |> Useful options for netstat include:
> |>     -n  makes the output numeric (so you don't have to go looking up port
> |>         names to get their numbers);
> |>     -l  restricts the output to listeners, rather than connections;
> |>     -t  restricts the output to tcp (excludes UDP or Unix sockets);
> |>     -p  report process; and
> |>     -e  report the kernel channel of the local socket
> |>         (which can be searched for in /proc/$pid/fd).
> |>
> |> So I would run: netstat -tlnep | grep -E '5901|6001'
> |>
> |> Then I'd check that the reported processes are for the right xvnc process.
> |>
> |> I would then look at iptables -xvnL and see if anything is configured to block
> |> ports in the 5900-5999 range.
>
>
>
>
> # netstat -tlnep | grep -E '5901|6001'
> tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN      1000       3579449     31417/Xvnc
> tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      1000       3579444     31417/Xvnc
> tcp6       0      0 ::1:5901                :::*                    LISTEN      1000       3579450     31417/Xvnc
> tcp6       0      0 :::6001                 :::*                    LISTEN      1000       3579443     31417/Xvnc
>
> I've disregarded the tcp6 lines assuming they don't tell anything new.
> Is that a bad idea?
>
>
> #
> # iptables -xvnL
> Chain INPUT (policy ACCEPT 40265 packets, 11046681 bytes)
>      pkts      bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>      pkts      bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 10412 packets, 2197344 bytes)
>      pkts      bytes target     prot opt in     out     source               destination
>
> Which isn't surprising.
>
> Does that shed any light I can't see?
>
>
Well, that first line of the netstat *seems* to say that 5901 is open on 
localhost only, so any connections will need connect to localhost, which 
of course they can't from another machine.

Try 'telnet <ip addr of the remote machine> 5901 from the other machine 
and see if it connects. My guess is that it won't.

The setup looks to me like it is expecting the connection to the remote 
machine to be via an SSH tunnel. Is this the case?

In your ~/.vnc/config you said you had a line with "localhost". You 
could maybe try removing that? I don't have such a file on my system.

Cheers,

Cliff


More information about the NZLUG mailing list