[TriLUG] Re: VNC questions -

Janyne Kizer janyne_kizer at ncsu.edu
Mon Jan 14 11:57:16 EST 2002


OK, I did this and "iptables -L" indicates that it is working fine,
however it does not appear that the VNC server is running.

/etc/services 
vnc-640x480x8   5950/tcp                        # vnc server IP
vnc-800x600x8   5951/tcp                        # vnc server IP
vnc-800x600x16  5952/tcp                        # vnc server IP 

/etc/xinetd.d/vnc-640x480x8

# default: off
# description: The vnc server allows connection via the vnc protocol
#
#       server                  = /usr/bin/Xvnc

service vnc-640x480x8
{
        disable                 = no
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = nobody
        server                  = /usr/bin/Xvnc
        server_args             = -inetd -broadcast -once -geometry 640x480 -depth 8
        log_on_success          += USERID
        log_on_failure          += USERID
}

Janyne Kizer wrote:
> 
> Gotcha.
> 
> So I need to add a line like the following to the firewall
> 
> iptables -A INPUT -p tcp --sport 5950 -j ACCEPT
> iptables -A INPUT -p tcp --sport 5951 -j ACCEPT
> iptables -A INPUT -p tcp --sport 5952 -j ACCEPT
> 
> even though I already have this line in there
> 
> iptables -A INPUT -s <mysubnetaddress>/255.255.255.0 -j ACCEPT
> 
> H Brett Bolen wrote:
> >
> > Janyne Kizer wrote:
> >
> > > No.  I am still working on it though.
> > >
> > > Hmmm, maybe I need to add service vnc-640x480x8, and so on instead of
> > > service vnc???
> > >
> > > The machine is directly connected to the internet.  My firewall is set
> > > up to allow all connections from certain subnets and no connections from
> > > the rest of the world.  The firewall should not be the problem here
> > >...
> >
> >  >
> >
> > > H Brett Bolen wrote:
> > >
> >
> >  >> ...
> >
> >
> >
> > yes they have to match.
> >
> > I have one entry in /etc/services.  just 'vnc'
> >
> > I have one extra file in /etc/xinetd.d.  just 'vnc'
> >
> > The other entries are for different resolutions, get the
> > first one up before adding complexity.
> >
> > after you edit the files, then use
> >
> >     killall -USR2 xinetd
> >
> > to reload the configuration.  if you look into /var/log/messages, you
> > can see some data telling you that the config was reinitialized.
> >
> > after that just telnet to the port ( mine is 5953 or
> > 5900 + <vnc port no>) and you should see something like
> >
> >     RFB 003.003
> >
> > This will tell you that the vncserver was kicked off.
> >
> > regarding firewall,
> >
> > I have linksys router and NAT on my box, so nothing can
> > come into this box.  I don't know why /etc/hosts.allow affects
> > xinetd.  ( there is no tcpd, does xinetd use /etc/hosts.allow
> > automatically?)
> >
> > security is still an issue even if it's not a service -- you have
> > a port open that other people can connect to ( xinetd is a service).
> >
> > apply security measures to taste.
> >
> > b\375
> >
> > ps: I've copied trilug at trilug.org
> 
> --
> 
> Janyne Kizer
> CNE-3, CNE-4, CNE-5
> Systems Programmer Administrator I
> NC State University, College of Agriculture & Life Sciences
> Extension and Administrative Technology Services
> Phone: (919) 515-3609

-- 

Janyne Kizer
CNE-3, CNE-4, CNE-5
Systems Programmer Administrator I
NC State University, College of Agriculture & Life Sciences
Extension and Administrative Technology Services
Phone: (919) 515-3609
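
The checks discussed in this thread, as an added example that is not part of the original messages: the Python below parses /etc/services-style lines and xinetd stanzas, reports enabled services whose name has no matching /etc/services entry or that lack xinetd's `only_from` restriction, and emits one accept rule per port limited to a source subnet. The sample file contents, the `vnc-1024x768x8` stanza, the 192.0.2.0/24 subnet and the function names are assumptions; services declared with an explicit `port` attribute are not handled.

```python
import re
# Constructed sample inputs modelled on the files quoted in the thread.
SERVICES = """\
vnc-640x480x8   5950/tcp    # vnc server
"""
XINETD = """\
service vnc-640x480x8
{
        disable         = no
        protocol        = tcp
}
service vnc-1024x768x8
{
        only_from       = 192.0.2.0/24
}
"""

def parse_services(text):
    """Map (name, protocol) -> port from /etc/services-style lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table[(fields[0], proto)] = int(port)
    return table

def parse_xinetd(text):
    """Yield (service name, attribute dict) for each service stanza."""
    for name, body in re.findall(r"^service\s+(\S+)\s*\{(.*?)^\}", text, re.S | re.M):
        attrs = dict(re.findall(r"^\s*(\w+)\s*\+?=\s*(.*?)\s*$", body, re.M))
        yield name, attrs

def audit(services_text, xinetd_text, subnet):
    """Return (findings, rules); a listener's own port is the destination, so --dport."""
    ports, findings, rules = parse_services(services_text), [], []
    for name, attrs in parse_xinetd(xinetd_text):
        if attrs.get("disable", "no") == "yes":
            continue
        port = ports.get((name, attrs.get("protocol", "tcp")))
        if port is None:
            findings.append(f"{name}: no matching /etc/services entry")
            continue
        if "only_from" not in attrs:
            findings.append(f"{name}: no only_from restriction")
        rules.append(f"iptables -A INPUT -p tcp -s {subnet} --dport {port} -j ACCEPT")
    return findings, rules

if __name__ == "__main__":
    print(*audit(SERVICES, XINETD, "192.0.2.0/24"), sep="\n")
```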