Show Table of Contents
15.3.2. Connecting to a VNC Server
Once the VNC server is configured, you can connect to it from any VNC viewer.
Procedure 15.6. Connecting to a VNC Server Using a GUI
- Enter the
vncviewercommand with no arguments, the VNC Viewer: Connection Details utility appears. It prompts for a VNC server to connect to.
- If required, to prevent disconnecting any existing VNC connections to the same display, select the option to allow sharing of the desktop as follows:
- Select thebutton.
- Select the Misc. tab.
- Select thebutton.
- Press OK to return to the main menu.
- Enter an address and display number to connect to:
- Press Connect to connect to the VNC server display.
- You will be prompted to enter the VNC password. This will be the VNC password for the user corresponding to the display number unless a global default VNC password was set.A window appears showing the VNC server desktop. Note that this is not the desktop the normal user sees, it is an Xvnc desktop.
Procedure 15.7. Connecting to a VNC Server Using the CLI
- Enter the
viewercommand with the address and display number as arguments:
vncviewer address:display_numberWhere address is an
IPaddress or host name.
- Authenticate yourself by entering the VNC password. This will be the VNC password for the user corresponding to the display number unless a global default VNC password was set.
- A window appears showing the VNC server desktop. Note that this is not the desktop the normal user sees, it is the Xvnc desktop.
220.127.116.11. Configuring the Firewall for VNC
When using a non-encrypted connection, the firewall might block your connection. The VNC protocol is remote framebuffer (RFB), which is transported in
TCPpackets. If required, open a port for the
TCPprotocol as described below. When using the
-viaoption, traffic is redirected over
SSHwhich is enabled by default.
The default port of VNC server is 5900. To reach the port through which a remote desktop will be accessible, sum the default port and the user's assigned display number. For example, for the second display: 2 + 5900 = 5902.
Procedure 15.8. Opening a Port Using lokkit
lokkitcommand provides a way to quickly enable a port using the command line.
- To enable a specific port, for example port
TCP, issue the following command as
~]#Note that this will restart the firewall as long as it has not been disabled with the
lokkit --port=5902:tcp --update
--disabledoption. Active connections will be terminated and time out on the initiating machine.
- Verify whether the chosen port is open. As
iptables -L -n | grep 'tcp.*59'ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5902
- If you are unsure of the port numbers in use for VNC, as
netstat -tnlptcp 0 0 0.0.0.0:6003 0.0.0.0:* LISTEN 4290/Xvnc tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 7013/x0vncserver tcp 0 0 0.0.0.0:5902 0.0.0.0:* LISTEN 4189/Xvnc tcp 0 0 0.0.0.0:5903 0.0.0.0:* LISTEN 4290/Xvnc tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN 4189/Xvnc
59XXare for the VNC
RFBprotocol. Ports starting
60XXare for the X windows protocol.To list the ports and the Xvnc session's associated user, as
lsof -i -P | grep vncXvnc 4189 jane 0u IPv6 27972 0t0 TCP *:6002 (LISTEN) Xvnc 4189 jane 1u IPv4 27973 0t0 TCP *:6002 (LISTEN) Xvnc 4189 jane 6u IPv4 27979 0t0 TCP *:5902 (LISTEN) Xvnc 4290 joe 0u IPv6 28231 0t0 TCP *:6003 (LISTEN) Xvnc 4290 joe 1u IPv4 28232 0t0 TCP *:6003 (LISTEN) Xvnc 4290 joe 6u IPv4 28244 0t0 TCP *:5903 (LISTEN) x0vncserv 7013 joe 4u IPv4 47578 0t0 TCP *:5900 (LISTEN)
Procedure 15.9. Configuring the Firewall Using an Editor
When preparing a configuration file for multiple installations using administration tools, it is useful to edit the firewall configuration file directly. Note that any mistakes in the configuration file could have unexpected consequences, cause an error, and prevent the firewall settings from being applied. Therefore, check the
/etc/sysconfig/system-config-firewallfile thoroughly after editing.
- To check what the firewall is configured to allow, issue the following command as
rootto view the firewall configuration file:
~]#In this example taken from a default installation, the firewall is enabled but VNC ports have not been configured to pass through.
less /etc/sysconfig/system-config-firewall# Configuration file for system-config-firewall --enabled --service=ssh
/etc/sysconfig/system-config-firewallfor editing as
rootand add lines in the following format to the firewall configuration file:
--port=port_number:tcpFor example, to add port
vi /etc/sysconfig/system-config-firewall# Configuration file for system-config-firewall --enabled --service=ssh --port=5902:tcp
- Note that these changes will not take effect even if the firewall is reloaded or the system rebooted. To apply the settings in
/etc/sysconfig/system-config-firewall, issue the following command as