[Linux 常見問題] Iptables Open VNC Port To Allow Incoming VNC Connections

Source From Here
Question
How do I configure Linux system firewall to allow incoming VNC connections?

How-To
VNC server listens on the following TCP ports:

=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N

In other words a VNC server listens for a VNC client on TCP ports 5800+N, 5900+N, and 6000+N where N is the display which starts at zero. So,

5800+N – Java-based vncviewer;
5900+N – VNC Client Port;
6000+N – X Server port.

Find Out VNC Port
Type the following command:

# netstat -tulp | grep vnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3240/Xvnc

Update /etc/sysconfig/iptables
Edit /etc/sysconfig/iptables file:

view plaincopy to clipboardprint?

1. ...  
2. -A INPUT -p tcp -m state --state NEW -m tcp --dport 5801 -j ACCEPT  
3. -A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT  
4. -A INPUT -p tcp -m state --state NEW -m tcp --dport 6001 -j ACCEPT  

Save and close the file. Restart iptables:

# service iptables restart

A Note About Other Linux Distributions
/etc/sysconfig/iptables works only on RHEL / CentOS / Fedora Linux. For other distros update your iptables shell script as follows:

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6001 -j ACCEPT
# service iptables save