HPE Community
Operating System - Linux
1819791 Members
3175 Online
109607 Solutions
New Discussion юеВ

VNC problems

 
SOLVED
Go to solution
Gary L
Super Advisor

тАО03-15-2007 01:45 AM

тАО03-15-2007 01:45 AM

VNC problems

Hi

I could not access the Linux server using VNC viewer through XP, error reponds is: unable to connect to host:A socket operation was attempted to an unreachable host. (10065), detail as below:
1. I new installed a RHEL4U4 through check I found GNOME have been default installed. So I run "vncserver", through ps -ef | grep vnc I could found the process of vnc, sys10:1 ...
2. I run vnc viewer via xp sys10:1, up erro appear.
3. I could "ping sys10" via xp cmd.
4. On sys10, I run "vncconfig -list" error responds: No VNC extension on display :0.0
echo $DISPLAY is :0.0 I changed the value to :2.0 (the same as another Linux server that could be accessed through vnc viewer via my desktop)
somethings wrong? I have no idea, I have compared two Linux's setting and process running, I don't see any different?
0 Kudos
Reply
11 REPLIES 11
Gary L
Super Advisor

тАО03-19-2007 08:23 AM

тАО03-19-2007 08:23 AM

Re: VNC problems

If I "disable" firewall at System setting -- Secruity Level session, I coule access this linux servers via winxp "vncview". But I have checked other linux servers, those server Enable firewall also could be accessed by vncviewer, what's the problems.
0 Kudos
Reply
Jarle Bjorgeengen
Trusted Contributor

тАО03-21-2007 08:13 PM

тАО03-21-2007 08:13 PM

Solution

Re: VNC problems

You don't have disable the firewall. You can just change the rules to allow incoming connections on the vnc-service port.

- JarleB
Reply
Gary L
Super Advisor

тАО03-22-2007 01:41 AM

тАО03-22-2007 01:41 AM

Re: VNC problems

thank you very much Jarle Biorgeengen!
Would you please explain detail, which file(s) have vnc port info, how to allow/deny this port, my vnc port is 5901.

thanks!
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО03-22-2007 02:11 AM

тАО03-22-2007 02:11 AM

Re: VNC problems

Shalom,

VNC uses between ports 5900 and 5910 normally.

The vncserver process creaters configuration files in the users home directory in a dirctory called .vnc

Pay particular attention to xstartup if you are planning on deploying a working vnc server.

What commonly happens is someone lanches vncserver without specifying the port. Then someone else comes along a week or whatever later and does the same thing. The vncserver process is smart enough to see that port 5901 is occupied and grabs 5901.

Same basic concept for DISPLAY instances.

There are lock files in /tmp that can be deleted to clear this problem up.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Gary L
Super Advisor

тАО03-22-2007 02:30 AM

тАО03-22-2007 02:30 AM

Re: VNC problems

thanks Steven

Normally I startup vnc server just by runnng: #vncserver (donot with port number like :1 :2) also, I could run the command twice, and as other users run this command more times. I found system automatic assigned the ports for each process of vnc. like sys10:1 (root) sys10:2 (user1) sys10:3(mks) sys10:4 (root) ...If I kill some vnc process, the ports will be assigned for next one that runing vncserver.

My question is: I could not access those linux servers that have startup the vncserver via winxp-end vncviewer. my current erro is 10065, when I disable the firewall, I could access. But I don't think so disable firewall is a good ideal for solving the problems.
Do you have some good suggestions? I think, vncserver and vncviewer have been broad using on Linux for GUI control, so ...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО03-22-2007 03:04 AM

тАО03-22-2007 03:04 AM

Re: VNC problems

Shalom,

The firewall should permit traffic on ports 5900-5910 to this server. You may not to permit this from all locations, because VNC is not very secure about authentication and you don't want Joe Hacker to be able to touch the system.

It does appear that your firewall is messing with you here.

The DISPLAY issues are caused by multiple instances of vnc running.

If you kill the processes, identified by ps -ef | grep xvnc and remove the files in the /tmp directory, you can get back to 1 vncserver process without needing to reboot the server.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Gary L
Super Advisor

тАО03-22-2007 03:26 AM

тАО03-22-2007 03:26 AM

Re: VNC problems

Hi Steven

Yes, you are right, Maybe my firewall setting is messing with me here.
The default firewall setting is "Enable" in system settings - Security Level I didn't choose amy one as Trusted Services, that time I could access to this server via vncviewer, but when I checked "SSH" as Trusted Services, I could not access. I tried to recover it "un-check" SSH, but could not access. Only "Disable" Firewall I could access again via vncviewer.

How to fix the firewall setting?
0 Kudos
Reply
Jarle Bjorgeengen
Trusted Contributor

тАО03-22-2007 04:48 AM

тАО03-22-2007 04:48 AM

Re: VNC problems

you can find which port each vncserver listens to to with

#netstat -napt |grep LIST |grep vnc

example line with cups
# tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 6340/cupsd

you see cupsd listens to tcp on port 631 . (only on localhost though, so it wouldn't help me to open up the firewall here)

To open up incoming connections on ports :


# iptables -I INPUT -p tcp [-s ip_of_your_xp_machine] --destination-port -j ACCEPT

you need one iptables command for each vncserver process, and you can leave the -s option out if you don't want to restrict vnc connection to only that XP machine.

Rgds Jarle
Reply
Jarle Bjorgeengen
Trusted Contributor

тАО03-22-2007 04:51 AM

тАО03-22-2007 04:51 AM

Re: VNC problems

Oh, and another thing; do
#service iptables save
when you are happy with the rules, otherwise you loose the rules on reboot.

- Jarle
Reply
Steven E. Protter
Exalted Contributor

тАО03-22-2007 07:58 AM

тАО03-22-2007 07:58 AM

Re: VNC problems

Shalom,

If your system is on a corporate lan and a hardware based firewall is provided.

service iptables stop
chkconfig iptables off

It will stop running.

If you have to use iptables, post the results of iptables -L

We may need to come up with some firewall rules for you.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Gary L
Super Advisor

тАО03-22-2007 08:00 AM

тАО03-22-2007 08:00 AM

Re: VNC problems

thank you very much, I will try.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.