VNC through Firewall

JohnDVD · 2015-08-01 09:10:50

Hi,

I want an X11VNC connection through firewall (ufw) within the LAN.
I opened port 5900 (for DISPLAY :0), but I noticed that it needs additional ports that are random about 24000 to 48000 or higher.
How can I make that ports static for x11vnc?
I tought port 5900 is sufficient, but netstat -atvn (on client) says for example:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 1 192.168.2.99:42097 192.168.2.89:5900 SYN_SENT

I have to open port 42097 on the VNC Server to let the client connect. Nevertheless the port changes every try. Can one make it static?

Greetz
JD

Slithery · 2015-08-01 11:06:25

JohnDVD wrote:

I have to open port 42097 on the VNC Server to let the client connect.

No you don't.

Your netstat output shows that a connection is being made from port 42097 on the client to port 5900 on the server just as it should do.
As long as the firewall rule on your server is accepting connections from any source port to destination port 5900 then you should be up and running.

JohnDVD · 2015-08-01 11:51:02

Thanks for that advice

graysky · 2015-08-01 11:53:25

I recommend you do not expose 5900 to the world. Instead, use an ssh tunnel. See the vnc page on the wiki.

JohnDVD · 2015-08-01 11:54:40

I restrict the access to my local network at this time.

bulletmark · 2015-08-01 13:43:16

JohnDVD wrote:

I restrict the access to my local network at this time.

But using ssh with x11vnc is the "canonical" way to do it. See the man page for x11vnc which is riddled with examples and snippets on how to use it with ssh.

Arch Linux

#1 2015-08-01 09:10:50

VNC through Firewall

#2 2015-08-01 11:06:25

Re: VNC through Firewall

#3 2015-08-01 11:51:02

Re: VNC through Firewall

#4 2015-08-01 11:53:25

Re: VNC through Firewall

#5 2015-08-01 11:54:40

Re: VNC through Firewall

#6 2015-08-01 13:43:16

Re: VNC through Firewall

Board footer