LinuxQuestions.org


lancelyons 11-20-2012 05:15 PM

VNC and Ports
 
We are trying to set up a way to RDP to a Red Hat 6 workstation using UltraVNC from a Windows 7 box. When I try to connect from the Windows box I get a connection failure. If I stop iptables on the Red Hat box, the connection will work at least one time. This tells me something on the Red Hat workstation's firewall is blocking.

I tried to allow these ports on the linux side with

iptables -A INPUT -p tcp --dport 5500 -j ACCEPT
iptables -A INPUT -p tcp --dport 5800 -j ACCEPT
iptables -A INPUT -p tcp --dport 5900 -j ACCEPT

Still I am not able to connect.

I am able to telnet to the Windows box on that port but I can't telnet to the Linux box from the Windows box on that port.

telnet ipaddress 5900 doesn't connect on the Windows box.

Turning off iptables shuts down the network, so to speak, so that isn't a good option.

Any ideas?

lancelyons 11-20-2012 05:29 PM

Here is a sample of the iptables rules...

# Generated by iptables-save v1.4.7 on Tue Nov 20 15:49:52 2012
*nat
:PREROUTING ACCEPT [185:38526]
:POSTROUTING ACCEPT [1787:111150]
:OUTPUT ACCEPT [1795:111965]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Tue Nov 20 15:49:52 2012
# Generated by iptables-save v1.4.7 on Tue Nov 20 15:49:52 2012
*mangle
:PREROUTING ACCEPT [16631:14079981]
:INPUT ACCEPT [16627:14079301]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16056:2537718]
:POSTROUTING ACCEPT [16104:2547919]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Nov 20 15:49:52 2012
# Generated by iptables-save v1.4.7 on Tue Nov 20 15:49:52 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [39:2055]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 5500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5800 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Nov 20 15:49:52 2012

wpeckham 11-20-2012 06:25 PM

Oh my...
 
Well, for one thing, there are no VNC packages that do RDP. RDP is a Microsoft protocol used by Remote Desktop and RDESKTOP and derivatives and clones. VNC is different, based on code that began its life at IBM. (Thanks guys.)

1. Did you check that VNCSERVER is running on the RH workstation?
2. Are you using VNCVIEWER from the Windows machine?
3. What behavior do you get from VNCVIEWER?
4. Have you extracts from any logs from VNCSERVER?

The telnet test from Linux to Windows tells you nothing, because that is not the connection you say you are trying to make.
The telnet test from Windows to Linux means something, but only if the VNCSERVER is running on the Linux box. (Telnet and vncviewer can only connect to a service if it happens to be running.)

Once you are sure that VNCSERVER is running, if you still get no connection try turning off the firewall and test again. If you can then connect, you need to retune your firewall rules. IF you STILL cannot connect with the firewall down, then run netstat -an and look for listeners and figure out where VNCSERVER is listening and what connections it will accept.
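
Added example, not written by either poster: in the iptables-save dump above, the three VNC ACCEPT rules sit after the unconditional `-A INPUT -j REJECT` rule, and iptables stops at the first terminating rule that matches, so they are never reached. The script below flags rules in that position; `shadowed_rules` and `sample_rules` are names made up for this example, and the sample is an excerpt constructed from the dump.

```shell
#!/bin/sh
# Added example: list filter-table rules that can never match because an
# earlier rule in the same chain has no match options and a terminating
# target (ACCEPT, DROP or REJECT), so it decides every packet first.
# Only this catch-all case is detected; narrower overlaps are not.

# shadowed_rules: reads iptables-save output on stdin, prints one line per dead rule.
shadowed_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # "*filter" opens a table
        table != "filter" || $1 != "-A" { next }     # skip policies, COMMIT, comments
        {
            chain = $2
            if (chain in blocker) {                  # a catch-all came earlier
                printf "%s: dead rule [%s] after [%s]\n", chain, $0, blocker[chain]
                next
            }
            # "-A CHAIN -j TARGET ..." means no match options precede the target
            if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
                blocker[chain] = $0
        }
    '
}

# sample_rules: constructed excerpt of the INPUT chain from the dump in the thread.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 5500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5800 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
COMMIT
EOF
}

sample_rules | shadowed_rules
```

On a live host the input would come from `iptables-save` run as root. `iptables -A` always appends to the end of the chain, whereas `iptables -I INPUT <n>` places the rule at position n, which can be ahead of the catch-all REJECT.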


All times are GMT -5.