How to make Linux VNC server listen on local IP instead of just loopback?

Question

I know how to specify a listening port of VNC server under Linux, but what puzzles me is that I can not find a way to specify a VNC listening IP.

When started VNC server under CentOS 5.6, I found its process "Xvnc" is listening on 127.0.0.1:5901. Maybe this is why I always failed to get in when I use any XNC client. I do not know why it listened on "lo" network interface but not on "eth0".

score 8 · Accepted Answer · answered Jan 17 '12 at 06:30

8

It sounds like your vncserver is started with localhost parameter:

# vncserver -h

usage: vncserver [:<number>] [-nohttpd] [-name <desktop-name>] [-depth <depth>]
                 [-geometry <width>x<height>]
                 [-pixelformat rgbNNN|bgrNNN]
                 <Xvnc-options>...

# Xvnc -h
Unrecognized option: -h
...
Global Parameters:
  localhost      - Only allow connections from localhost (default=0)

You should probably check the /etc/sysconfig/vncservers and the init script /etc/init.d/vncserver.

If you want to bind to specific IP, do it with iptables or take a look at this.

answered Jan 17 '12 at 06:30

quanta

51,413
19
159
217

1

Thanks.That is the "-localhost" configuration in /etc/sysconfig/vncservers: VNCSERVERARGS[3]="-geometry 1280x768 -nolisten tcp -localhost – user107233 Mar 29 '12 at 03:04
The link is broken. – Radim Cernej Sep 17 '21 at 09:28

score 1 · Answer 2 · answered Mar 15 '23 at 18:41

For TigerVNC, as quanta already mentioned, try to utilize Xvnc-option -interface like so: vncserver <your options here> -interface <ip address>. Also -localhost option might be the cause as well.

Xvnc -help:

  interface      - listen on the specified network address (default=all)
  localhost      - Only allow connections from localhost (default=0)

vncserver -help:

    [-localhost [yes|no]]    
      if enabled, VNC will only accept connections from localhost.

Useful links:

https://tigervnc.org/doc/Xvnc.html

https://linux.die.net/man/1/xvnc

score 0 · Answer 3 · answered Feb 04 '22 at 18:41

There are different flavors of VNC, but I will proceed with describing setup of TightVNC.

First, verify you are using Xfce4. I use XUbuntu 21.10, in this case, which defaults to XFCE. Check for it with this command:

sudo apt list --installed | grep xfce4

NOTE: I had trouble getting this config to work without xfce4 on the standard Ubuntu.

Next install TightVNC like so:

sudo apt upgrade & sudo apt update
sudo apt install xfce4-goodies
sudo apt install tightvncserver ssh openssl

Then run:

vncpassword
echo -e '#!/bin/bash \nxrdb $HOME/.Xresources \nstartxfce4 & \n'

At this point you could run the vncserver command to start it up, but instead we want to run as a service. So, create this service file, but fix the 4 instances of sammy username in this file to match your system user/group:

#/etc/systemd/system/vncserver@.service
[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=sammy
Group=sammy
WorkingDirectory=/home/sammy

PIDFile=/home/sammy/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target

In that config, I suppressed the use of the -localhost argument so that the VNC service will listen , and allow, on port 5901 from all remote hosts.

Then run these commands once:

sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service
sudo vncserver -kill :1
sudo systemctl start vncserver@1
sudo systemctl status vncserver@1

Now, from a remote computer, connect to this service on port 5901 from a VNC client on another computer.

How to make Linux VNC server listen on local IP instead of just loopback?

3 Answers3