Wednesday, November 30, 2016

[Linux FAQ] Iptables Open VNC Port To Allow Incoming VNC Connections

Source From Here
Question
How do I configure Linux system firewall to allow incoming VNC connections?

How-To
VNC server listens on the following TCP ports:
=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N

In other words, a VNC server listens for VNC clients on TCP ports 5800+N, 5900+N, and 6000+N, where N is the display number, starting at zero. So,
5800+N – Java-based vncviewer;
5900+N – VNC Client Port;
6000+N – X Server port.

Find Out VNC Port
Type the following command:
# netstat -tulp | grep vnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3240/Xvnc

Update /etc/sysconfig/iptables
Edit the /etc/sysconfig/iptables file:
...
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5801 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6001 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart

A Note About Other Linux Distributions
/etc/sysconfig/iptables works only on RHEL / CentOS / Fedora Linux. For other distros, update your iptables shell script as follows:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6001 -j ACCEPT
# service iptables save
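
As an added example (not part of the original post), the shell functions below derive the display number from listener lines like the netstat output above and print the matching rules in /etc/sysconfig/iptables syntax. The function names, the 0-99 display limit, the optional -s source restriction and the 192.0.2.0/24 network are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): build the three iptables rules
# for each running Xvnc display from netstat-style listener lines.

# Print display N for a VNC client port 5900+N; fail for any other port.
# Assumption: N is limited to 0-99 so the 58xx/59xx/60xx ranges stay disjoint.
vnc_display_from_port() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -ge 5900 ] && [ "$1" -le 5999 ] || return 1
    echo $(($1 - 5900))
}

# vnc_rules N [SOURCE_CIDR]: emit rules in /etc/sysconfig/iptables syntax for
# ports 5800+N, 5900+N and 6000+N. With SOURCE_CIDR, only that network matches;
# without it the rules accept new connections from any address.
vnc_rules() {
    case $1 in ''|*[!0-9]*|0?*) echo "bad display: $1" >&2; return 1 ;; esac
    [ "$1" -le 99 ] || { echo "display out of range: $1" >&2; return 1; }
    for base in 5800 5900 6000; do
        printf '%s\n' "-A INPUT ${2:+-s $2 }-p tcp -m state --state NEW -m tcp --dport $((base + $1)) -j ACCEPT"
    done
}

# Read `netstat -tulpn` lines on stdin; emit rules for every Xvnc LISTEN socket.
# Only the 5900+N listener is used to find N; other Xvnc ports are skipped.
rules_from_netstat() {
    awk '$6 == "LISTEN" && $NF ~ /Xvnc/ { n = split($4, a, ":"); print a[n] }' |
    sort -un |
    while read -r port; do
        if d=$(vnc_display_from_port "$port"); then vnc_rules "$d" "$1"; fi
    done
}

# Constructed sample input: the listener line shown above plus an unrelated one.
sample='tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3240/Xvnc
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1100/sshd'

# 192.0.2.0/24 is a placeholder documentation network, not a value from the post.
printf '%s\n' "$sample" | rules_from_netstat 192.0.2.0/24
```

Review the printed lines before pasting them into /etc/sysconfig/iptables; calling vnc_rules with only a display number reproduces the unrestricted rules shown earlier.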

