Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

15.3.2. Connecting to a VNC Server

Once the VNC server is configured, you can connect to it from any VNC viewer.

Procedure 15.6. Connecting to a VNC Server Using a GUI

  1. Enter the vncviewer command with no arguments, the VNC Viewer: Connection Details utility appears. It prompts for a VNC server to connect to.
  2. If required, to prevent disconnecting any existing VNC connections to the same display, select the option to allow sharing of the desktop as follows:
    1. Select the Options button.
    2. Select the Misc. tab.
    3. Select the Shared button.
    4. Press OK to return to the main menu.
  3. Enter an address and display number to connect to:
    address:display_number
  4. Press Connect to connect to the VNC server display.
  5. You will be prompted to enter the VNC password. This will be the VNC password for the user corresponding to the display number unless a global default VNC password was set.
    A window appears showing the VNC server desktop. Note that this is not the desktop the normal user sees, it is an Xvnc desktop.

Procedure 15.7. Connecting to a VNC Server Using the CLI

  1. Enter the viewer command with the address and display number as arguments:
    vncviewer address:display_number
    Where address is an IP address or host name.
  2. Authenticate yourself by entering the VNC password. This will be the VNC password for the user corresponding to the display number unless a global default VNC password was set.
  3. A window appears showing the VNC server desktop. Note that this is not the desktop the normal user sees, it is the Xvnc desktop.

15.3.2.1. Configuring the Firewall for VNC

When using a non-encrypted connection, the firewall might block your connection. The VNC protocol is remote framebuffer (RFB), which is transported in TCP packets. If required, open a port for the TCP protocol as described below. When using the -via option, traffic is redirected over SSH which is enabled by default.

Note

The default port of VNC server is 5900. To reach the port through which a remote desktop will be accessible, sum the default port and the user's assigned display number. For example, for the second display: 2 + 5900 = 5902.

Procedure 15.8. Opening a Port Using lokkit

The lokkit command provides a way to quickly enable a port using the command line.
  1. To enable a specific port, for example port 5902 for TCP, issue the following command as root:
    ~]# lokkit --port=5902:tcp --update
    Note that this will restart the firewall as long as it has not been disabled with the --disabled option. Active connections will be terminated and time out on the initiating machine.
  2. Verify whether the chosen port is open. As root, enter:
    ~]# iptables -L -n | grep 'tcp.*59'
    ACCEPT     tcp  --  0.0.0.0/0     0.0.0.0/0    state NEW tcp dpt:5902
  3. If you are unsure of the port numbers in use for VNC, as root, enter:
    ~]# netstat -tnlp
    tcp    0    0 0.0.0.0:6003    0.0.0.0:*    LISTEN    4290/Xvnc        
    tcp    0    0 0.0.0.0:5900    0.0.0.0:*    LISTEN    7013/x0vncserver 
    tcp    0    0 0.0.0.0:5902    0.0.0.0:*    LISTEN    4189/Xvnc        
    tcp    0    0 0.0.0.0:5903    0.0.0.0:*    LISTEN    4290/Xvnc        
    tcp    0    0 0.0.0.0:6002    0.0.0.0:*    LISTEN    4189/Xvnc
    Ports starting 59XX are for the VNC RFB protocol. Ports starting 60XX are for the X windows protocol.
    To list the ports and the Xvnc session's associated user, as root, enter:
    ~]# lsof -i -P | grep vnc
    Xvnc      4189    jane    0u  IPv6  27972    0t0  TCP *:6002 (LISTEN)
    Xvnc      4189    jane    1u  IPv4  27973    0t0  TCP *:6002 (LISTEN)
    Xvnc      4189    jane    6u  IPv4  27979    0t0  TCP *:5902 (LISTEN)
    Xvnc      4290     joe    0u  IPv6  28231    0t0  TCP *:6003 (LISTEN)
    Xvnc      4290     joe    1u  IPv4  28232    0t0  TCP *:6003 (LISTEN)
    Xvnc      4290     joe    6u  IPv4  28244    0t0  TCP *:5903 (LISTEN)
    x0vncserv 7013     joe    4u  IPv4  47578    0t0  TCP *:5900 (LISTEN)

Procedure 15.9. Configuring the Firewall Using an Editor

When preparing a configuration file for multiple installations using administration tools, it is useful to edit the firewall configuration file directly. Note that any mistakes in the configuration file could have unexpected consequences, cause an error, and prevent the firewall settings from being applied. Therefore, check the /etc/sysconfig/system-config-firewall file thoroughly after editing.
  1. To check what the firewall is configured to allow, issue the following command as root to view the firewall configuration file:
    ~]# less /etc/sysconfig/system-config-firewall
    # Configuration file for system-config-firewall
    
    --enabled
    --service=ssh
    In this example taken from a default installation, the firewall is enabled but VNC ports have not been configured to pass through.
  2. Open /etc/sysconfig/system-config-firewall for editing as root and add lines in the following format to the firewall configuration file:
    --port=port_number:tcp
    For example, to add port 5902 :
    ~]# vi /etc/sysconfig/system-config-firewall
      # Configuration file for system-config-firewall
    
    --enabled
    --service=ssh
    --port=5902:tcp
  3. Note that these changes will not take effect even if the firewall is reloaded or the system rebooted. To apply the settings in /etc/sysconfig/system-config-firewall, issue the following command as root:
    ~]# lokkit --update