Wednesday, November 30, 2016

[Linux FAQ] Iptables Open VNC Port To Allow Incoming VNC Connections

Source From Here
Question
How do I configure Linux system firewall to allow incoming VNC connections?

How-To
VNC server listens on the following TCP ports:
=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N

In other words, a VNC server listens for a VNC client on TCP ports 5800+N, 5900+N, and 6000+N, where N is the display number, starting at zero. So:
5800+N – Java-based vncviewer;
5900+N – VNC Client Port;
6000+N – X Server port.

Find Out VNC Port
Type the following command:
# netstat -tulp | grep vnc
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3240/Xvnc

Update /etc/sysconfig/iptables
Edit the /etc/sysconfig/iptables file:
  ...
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 5801 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
  -A INPUT -p tcp -m state --state NEW -m tcp --dport 6001 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart

A Note About Other Linux Distributions
/etc/sysconfig/iptables works only on RHEL / CentOS / Fedora Linux. For other distros, update your iptables shell script as follows:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 6001 -j ACCEPT
# service iptables save
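
The steps above, as an added example that is not part of the original post: it reads netstat output in the format shown earlier, works out each display number N, and prints the matching rules for 5800+N, 5900+N and 6000+N. The sample lines, the function names and the optional source range 192.0.2.0/24 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: prints rules only, never modifies the running firewall.

# Constructed sample, same column layout as the netstat output above.
SAMPLE='tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3240/Xvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 3240/Xvnc
tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 4011/Xvnc'

# Read netstat lines on stdin; print "DISPLAY BIND_ADDRESS" for each
# listening vnc process on a 5900+N port.
vnc_displays() {
    awk '$6 == "LISTEN" && $7 ~ /vnc/ {
        n = split($4, a, ":"); port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        if (port >= 5900 && port <= 5999) print port - 5900, addr
    }' | sort -k1,1n -k2,2 -u
}

# vnc_rules DISPLAY [SOURCE_CIDR]: print the 5800+N, 5900+N and 6000+N rules.
# SOURCE_CIDR is an optional -s match that the original rules do not have.
vnc_rules() {
    display=$1 src=${2:-}
    case $display in
        ''|*[!0-9]*|0?*|???*) echo "bad display: $display" >&2; return 1 ;;
    esac
    for base in 5800 5900 6000; do
        printf '%s\n' "-A INPUT${src:+ -s $src} -p tcp -m state --state NEW -m tcp --dport $((base + display)) -j ACCEPT"
    done
}

# Rules for every display found on stdin; flags wildcard binds in a comment.
rules_from_netstat() {
    prev=
    vnc_displays | while read -r display addr; do
        case $addr in
            0.0.0.0|::) echo "# display $display is bound to all interfaces" ;;
        esac
        [ "$display" = "$prev" ] || vnc_rules "$display" "${1:-}"
        prev=$display
    done
}

# 192.0.2.0/24 is a documentation range standing in for the admin network.
printf '%s\n' "$SAMPLE" | rules_from_netstat 192.0.2.0/24
```

On a live host, pipe `netstat -tulpn` into rules_from_netstat instead of the sample; the -n flag keeps the port column numeric so the display number can be computed.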

