The VNC server listens on the following TCP ports:
=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000
=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N
In other words, a VNC server listens for VNC clients on TCP ports 5800+N, 5900+N and 6000+N, where N is the display number, starting at zero. So,
- 5800+N - Java-based vncviewer;
- 5900+N - VNC Client Port;
- 6000+N - X Server port.
Find Out VNC Port
Type the following command:
# netstat -tulp | grep vnc
Update /etc/sysconfig/iptables
Edit the /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables
Update it as follows:
# Open VNC for USER1
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5800 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6000 -j ACCEPT
# Open VNC for USER2
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6001 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart
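An added example, not part of the original page: shell functions that compute the three ports for any display number and print the matching rules in the /etc/sysconfig/iptables syntax shown above. The names vnc_ports and vnc_rules, the 0-99 display limit and the optional source-CIDR argument (which narrows a rule to one client network) are assumptions of this example.

```shell
#!/bin/sh
# Added example: print iptables rules for the VNC ports of one display.
# vnc_ports and vnc_rules are hypothetical helper names, not part of any tool.

# Print the three TCP ports for display N: 5800+N, 5900+N, 6000+N.
# Assumption: N is limited to 0-99, because 5800+100 would collide with
# the 5900 client port of display 0.
vnc_ports() {
    case "$1" in
        # Reject empty input, non-digits, leading zeros and 3+ digits.
        ''|*[!0-9]*|0?*|???*)
            echo "display must be an integer from 0 to 99" >&2
            return 1 ;;
    esac
    echo "$((5800 + $1)) $((5900 + $1)) $((6000 + $1))"
}

# Print one ACCEPT rule per port, in /etc/sysconfig/iptables syntax.
#   $1 = display number
#   $2 = label used in the comment line (e.g. USER1)
#   $3 = optional source CIDR (assumption: an addition to the page's
#        rules, which accept connections from any address)
vnc_rules() {
    ports=$(vnc_ports "$1") || return 1
    printf '%s\n' "# Open VNC for $2 (display $1)"
    for p in $ports; do
        printf '%s\n' "-A RH-Firewall-1-INPUT ${3:+-s $3 }-m state --state NEW -m tcp -p tcp --dport $p -j ACCEPT"
    done
}

# Constructed sample calls: display 0 open to any source, display 12
# limited to a documentation-range network (192.0.2.0/24).
vnc_rules 0 USER1
vnc_rules 12 USER2 192.0.2.0/24
```

The functions only print text; paste the output into /etc/sysconfig/iptables and restart iptables as described above.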
A Note About Other Linux Distributions
/etc/sysconfig/iptables works only on RHEL / CentOS / Fedora Linux. For other distros update your iptables shell script as follows:
$IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
$IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
$IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 6001 -j ACCEPT
REFERENCES
http://www.cyberciti.biz/faq/linux-iptables-open-vncserver-port-6000-5800-5900/