3

I have installed VNC server on CentOS 5.8 and it is running, but I cannot connect to it using VNC viewer. I get the following error message:

connect: Connection timed out(10060)

What could be the problem?

Indrek
Beginner
  • There could be many problems. Do you have a network connection at all? Can you ping the CentOS machine? Do you have a firewall? Is the VNC service up and running? You can try doing some more extensive checks using NMap - http://nmap.org/ – EliadTech Nov 13 '12 at 12:46
  • I can connect to my server using putty. I checked the vncserver status using the "service vncserver status" command and it is running. – Beginner Nov 13 '12 at 12:49
  • 1
    So, you should check out the firewall (if there's any), and test the VNC port with NMap. – EliadTech Nov 13 '12 at 13:06
  • Thanks. I disabled iptables. It's now working. But I should learn how to add an exception to the firewall. – Beginner Nov 13 '12 at 13:14

3 Answers

3

Here's how to add a firewall exception (you'll need to open ports 5900 and 5800). Linux is not my strong side, so I hope this picture helps... [image: CentOS firewall]

EliadTech
1

You will need to do:

vi /etc/sysconfig/iptables

Then, you will find a file as follows:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# <add the line for eth>
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# <add the line for ports>
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

With your correct eth in ifconfig, add the following lines to your iptables:

-A INPUT -i eth1 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 5801:5803,5901:5903,6001:6003 -j ACCEPT

After the file is saved:

sudo service iptables restart
sudo service vncserver restart

You can find more information at: http://wiki.centos.org/HowTos/VNC-Server. However, you will see that they do not state: 5801:5803, which I have to add in order to get the VNCViewer working.

Regards,
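To check where a rule lands before restarting iptables, here is an added example (not part of the answer above) that walks the INPUT chain in first-match order for a new inbound TCP connection. It handles only the options that appear in the file shown above, the `eth0` default is an assumption, and the three rulesets are constructed from that file: one with the VNC rule ahead of the REJECT line, one with it appended after, and one with the interface-wide `-i eth1` accept.

```python
import shlex

# Constructed rulesets based on the /etc/sysconfig/iptables file in the answer above.
BASE = """:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
{before}
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
{after}
"""
VNC = ("-A INPUT -m state --state NEW -m tcp -p tcp -m multiport "
       "--dports 5801:5803,5901:5903,6001:6003 -j ACCEPT")
GOOD = BASE.format(before=VNC, after="")   # VNC rule ahead of the REJECT
LATE = BASE.format(before="", after=VNC)   # VNC rule after the REJECT: never reached
WIDE = BASE.format(before="-A INPUT -i eth1 -j ACCEPT", after="")

def port_matches(spec, port):
    """True if port is inside a --dport/--dports spec like '22' or '5801:5803,5901'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def verdict(rules_text, port, iface="eth0"):
    """First-match target for a NEW inbound TCP connection; iface default is assumed."""
    policy = "ACCEPT"
    for line in map(str.strip, rules_text.splitlines()):
        if line.startswith(":INPUT"):
            policy = line.split()[1]
        if not line.startswith("-A INPUT"):
            continue
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if "-i" in opt and opt["-i"] != iface:
            continue  # rule is bound to another interface
        if opt.get("-p", "tcp") != "tcp":
            continue  # e.g. the icmp rule
        if "--state" in opt and "NEW" not in opt["--state"].split(","):
            continue  # ESTABLISHED,RELATED does not match a first packet
        spec = opt.get("--dport") or opt.get("--dports")
        if spec and not port_matches(spec, port):
            continue  # port outside this rule's range ('!' negation not handled)
        return opt["-j"], line
    return policy, "(chain policy)"

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("LATE", LATE), ("WIDE", WIDE)):
        print(name, verdict(rules, 5901)[0], verdict(rules, 3306, "eth1")[0])
```

Port 5900 is outside the 5901:5903 range, so a display on :0 is still rejected under these rules, and the `-i eth1` rule accepts every port arriving on that interface, not just VNC.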

0

firewalld will deny access to the port where vncserver is running (e.g., 5901, etc.), so make an exception rule for it that accepts only TCP on port 5901. That's it. You must start firewalld first and then make the exception rule; don't forget to reload firewalld and the daemon, as in the commands below on a Linux box:

systemctl start firewalld
firewall-cmd --zone=public --permanent --add-port=5901/tcp
firewall-cmd --reload
systemctl daemon-reload

Give it a try.