>What is output of iptables -L -v ?

[root@tiger mahmood]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  401 21336 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http
    7   348 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:https
   28  1608 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp multiport dports 5901:5903,6001:6003
2699K 2060M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  105  6896 ACCEPT     icmp --  any    any     anywhere             anywhere
 227K   20M ACCEPT     all  --  lo     any     anywhere             anywhere
  342 20304 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
 134K   33M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 2881K packets, 1956M bytes)
 pkts bytes target     prot opt in     out     source               destination

>you can run the same test from a remote computer, to see if you
>get through the firewall on your server running Xvnc

Using cmd.exe from Windows 7, here is the output

C:\Users\mahmood>telnet IP
Connecting To IP...Could not open connection to the host, on port 23 : Connect failed

Regards,
Mahmood

________________________________
From: Eero Volotinen <[email protected]>
To: Mahmood Naderan <[email protected]>
Cc: Jason Bronner <[email protected]>; "[email protected]" <[email protected]>; Joseph Areeda <[email protected]>; Eero Volotinen <[email protected]>
Sent: Tuesday, March 5, 2013 8:31 PM
Subject: Re: troubleshooting vnc

What is output of iptables -L -v ?

Eero

On Tuesday, March 5, 2013, Mahmood Naderan wrote:

>>check using netstat -tupln
>[root@tiger mahmood]# netstat -tupln | grep vnc
>tcp        0      0 0.0.0.0:5901        0.0.0.0:*        LISTEN      12185/Xvnc
>tcp        0      0 0.0.0.0:6001        0.0.0.0:*        LISTEN      12185/Xvnc
>tcp        0      0 :::6001             :::*             LISTEN      12185/Xvnc
>
>>The easiest way to check if that is the problem is by trying to
>>telnet to the appropriate port (ie :0 is 5900 :1 is 5901 ...) If it
>>works from localhost but not from a remote it is iptables or another
>>firewall.
>[mahmood@tiger ~]$ telnet localhost:5900
>telnet: localhost:5900: Name or service not known
>localhost:5900: Unknown host
>[mahmood@tiger ~]$ telnet localhost:5901
>telnet: localhost:5901: Name or service not known
>localhost:5901: Unknown host
>[mahmood@tiger ~]$ telnet 127.0.0.1:5900
>telnet: 127.0.0.1:5900: Name or service not known
>127.0.0.1:5900: Unknown host
>[mahmood@tiger ~]$ telnet 127.0.0.1:5901
>telnet: 127.0.0.1:5901: Name or service not known
>127.0.0.1:5901: Unknown host
>[mahmood@tiger ~]$
>
>>if you've confirmed the service has started on the target box
>[mahmood@tiger ~]$ service vncserver status
>Xvnc (pid 12185) is running...
>
>>the target box also needs an exception in IPTables for those ports.
>From the output of iptables, are they open or closed?
>
>Regards,
>Mahmood
>
>if you've confirmed the service has started on the target box start looking at
>things between the boxes which would cause a timeout. i.e. Ports being
>forwarded in the router to the target box. VNC needs a couple of these, should
>be a full listing on portforward.com for what it uses along with a listing of
>a good number of routers by make/model# with screenshots. the target box also
>needs an exception in IPTables for those ports.
>
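
Added example, not part of the original thread: a small Python check that reads a listing in the "iptables -L -v" layout and reports which target a new inbound TCP connection to a given port reaches first. The listing is a constructed sample in that layout; the function names, the eth0 interface name and the service-name table are assumptions, and the source/destination columns are not evaluated.

```python
import re

# Constructed sample in the layout `iptables -L -v` prints (INPUT chain only).
LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  401 21336 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http
   28  1608 ACCEPT tcp -- any any anywhere anywhere state NEW tcp multiport dports 5901:5903,6001:6003
2699K 2060M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
 227K   20M ACCEPT all -- lo any anywhere anywhere
  342 20304 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
 134K   33M REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
"""
# Assumption: only the service names that appear in the sample are mapped.
SERVICES = {"http": 80, "https": 443, "ssh": 22}

def _ports(spec):
    """'ssh' or '5901:5903,6001:6003' -> list of (low, high) port ranges."""
    out = []
    for part in spec.split(","):
        low, _, high = part.partition(":")
        low = int(SERVICES.get(low, low))
        out.append((low, int(high or low)))
    return out

def verdict(listing, port, iface="eth0", chain="INPUT"):
    """Target hit by a NEW inbound TCP connection to `port` arriving on `iface`."""
    policy, active = None, False
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if head:
            active = head.group(1) == chain
            policy = head.group(2) if active else policy
            continue
        f = line.split()
        if not active or len(f) < 9 or f[0] == "pkts":
            continue
        target, prot, in_if, extra = f[2], f[3], f[5], " ".join(f[9:])
        if prot not in ("tcp", "all") or in_if not in ("any", iface):
            continue  # e.g. the "lo" rule only applies to loopback traffic
        state = re.search(r"state (\S+)", extra)
        if state and "NEW" not in state.group(1).split(","):
            continue
        dport = re.search(r"(?:dpt:|dports )(\S+)", extra)
        if dport and not any(lo <= port <= hi for lo, hi in _ports(dport.group(1))):
            continue
        return target  # first matching rule wins
    return policy  # nothing matched: the chain policy applies
```

The "in" column is only printed with -v; without it the loopback rule reads like an accept-everything rule, which is why the check takes the interface into account.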
