0

I've installed VNC on CentOS and enabled it on port 5901. I made sure that selinux, firewalld and iptables were disabled/stopped on the system for troubleshooting purposes. Now I can successfully test access to port 5901 (using netcat) using localhost, but if I use the IP address, even if connecting locally, I get "connection refused":

```
# netcat to localhost works
$ nc -vz localhost 5901
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to ::1:5901.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

# using IP doesn't work
$ nc -vz 192.168.3.57 5901
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connection refused.
```

Needless to say, I can't connect with a VNC client. Does anyone have any idea of what I've missed either in my VNC configuration or firewall settings that could be causing this? Thanks in advance.

L.Ray

2 Answers

1

Try running vncserver with `-localhost no`. IIRC, vncserver will only listen on localhost by default.

Ackack
  • Thanks, this is definitely the problem, but in the latest versions VNC is started and stopped using systemd and the vncserver command no longer works. How would you do the same using systemd's systemctl command? – L.Ray Apr 11 '21 at 13:01
  • You could modify the systemd unit file - it will probably be in `/usr/lib/systemd`. However, VNC traffic is not encrypted at all, so a better approach would be for you to utilize SSH to port forward and then connect that way. – Ackack Apr 11 '21 at 17:52
  • Adding "localhost=no" to the Services section of the unit file in /etc/systemd/system enabled remote access. Unfortunately, I'm using an iOS client which doesn't provide tunneling. It's all on my test network, so there's no outside access. – L.Ray Apr 15 '21 at 03:36
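
A way to confirm the loopback-only bind diagnosed in this answer, as an added example that is not part of the original thread. The `classify_bind` helper name and the sample `ss -ltn` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `ss -ltn` output whether a TCP port is bound to
# loopback only (the cause of "connection refused" on the LAN IP) or to an
# address other hosts can reach. classify_bind is a hypothetical helper name.

classify_bind() {
    # $1 = TCP port; stdin = output of `ss -ltn`
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::1] -> ::1
            if (addr ~ /^127\./ || addr == "::1") loopback = 1
            else exposed = 1                   # 0.0.0.0, *, ::, or a NIC address
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback-only"
            else               print "not-listening"
        }'
}

# Constructed sample: VNC display :1 with the default localhost-only bind.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5          127.0.0.1:5901      0.0.0.0:*
LISTEN 0      5              [::1]:5901         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'

# Constructed sample: the same server after localhost=no.
SAMPLE_OPEN='LISTEN 0      5            0.0.0.0:5901      0.0.0.0:*
LISTEN 0      5               [::]:5901         [::]:*'

printf '%s\n' "$SAMPLE_LOCAL" | classify_bind 5901
printf '%s\n' "$SAMPLE_OPEN"  | classify_bind 5901

# On a live host: ss -ltn | classify_bind 5901
```

An `exposed` result for 5901 means the unencrypted VNC traffic mentioned in the comments is reachable from the network; `loopback-only` is the state in which an SSH port forward is the only remote path.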
-1

I'm not sure which VNC server you're using, but I just tested this on CentOS 7 and it worked.

```
$ sudo yum install -y tigervnc-server
$ sudo vncserver
```

Netcat will connect to that. However, in order to connect from another machine, I had to stop the firewalld service (I didn't bother opening the port).