Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
I just setup VNC on my openSUSE 10.3 box.
I can connect using the Tight VNC client from within my network and can view the Java applet at http://192.168.10.3:5801/
However, I cannot view the applet or connect from outside my network. I've setup ports 5801 and 5901 to forward to 192.168.10.3 on my router (Motorola WR850G). If I go to gotomyvnc.com and run their port scanner it looks like I've configured things correctly:
Checking you out at IP address "24.165.169.0"...
24.165.169.0 is not responding on Display 0.
24.165.169.0 is accepting connections on Display 1 (TCP port 5901).
24.165.169.0 is not responding on Display 2.
24.165.169.0 is not responding on Display 3.
24.165.169.0 is not responding on Display 4.
24.165.169.0 is not responding on Display 5.
24.165.169.0 is not responding on Display 6.
24.165.169.0 is not responding on Display 7.
24.165.169.0 is not responding on Display 8.
24.165.169.0 is not responding on Display 9.
Scan of "24.165.169.0" is complete.
Hit 'reload' or 'refresh' in your browser to scan again.
By the way, you don't want to connect to VNC this way. VNC runs in the open, and has no security so anyone can see you're passwords, etc. Do a little searching on how to run VNC over an SSH tunnel for when you're not on your LAN.
By the way, you don't want to connect to VNC this way. VNC runs in the open, and has no security so anyone can see you're passwords, etc. Do a little searching on how to run VNC over an SSH tunnel for when you're not on your LAN.
You can tunnel the VNC connection via SSH in the following way:
Logon to VNC server via SSH as follows:
ssh -X "VNC_server_name_in_your_network"
(the -X (uppercase) argument sends all apps (windows) opened on SSH server to client screen- refer to SSH manual pages)
Then, You run vncserver on the machine You just logged on to (if you don't have it running already, that is), and then, all you have to do is:
vncviewer localhost:1
Voila! Log on to VNC server from the same machine running it! Your desktop will be tunneled to your local screen.
BTW, checkout the ~user/.vnc/xstartup file... for full X You'll have to uncomment some lines
Thanks for the tips. I was going to try running it over SSH after I got it working the insecure way. I got another lease avoiding IP addresses ending in 255 or 0, but still no luck.
I was going to try running it over SSH after I got it working the insecure way.
In general, trying it the secure way first is vastly preferable.
How are you trying to get access from outside? You shouldn't post your actual IP address since you don't have any security, but an example of the URL might help.
You also might look at the output from the port scanner. Port 5901 is open, but it never found port 5801 open. It might not be. Double check both your router and your firewall.
And really, you should be looking at doing this over SSH, not fooling around with unsecured connections. Heck, just having 5901 open to the outside world is asking for trouble.
I only left the ports open on my router for a few minutes while I was fooling around and I obtained a new IP address from my ISP before posting my example here, so I don't really think I opened myself up to too much risk. Anyway, I started trying to get SSH to work instead. Not VNC over SSH, but just a regular SSH connection. Again, it worked if I typed 192.168.10.3 into Putty, but failed if I typed in the IP address I got from my ISP. I know that I am using the right IP address because if I type it into my browser I am taken to my router's configuration page. I thought that maybe Time-Warner was blocking connections on known ports, so I changed my router to forward from port 10022 to port 22, but still didn't have any luck connecting to 10022.
This is sounding a lot like a router "feature". Not all routers will correctly deal with entering the WAN IP address (the one you get from your ISP) if the computer is connected to the LAN side of the router. I've actually got two routers on my network, my Linksys router which handles pretty much everything, and a Motorola router that handles my Vonage phone. If I connect the Motorola router to the ISP and put the Linksys behind it, I see behavior very similar to what your describing. If the Linksys is the one connected to the ISP, then it behaves properly.
Quote:
I know that I am using the right IP address because if I type it into my browser I am taken to my router's configuration page.
OK, this is NOT good for a couple of reasons. First, this is the way my Motorola router behaves, and that lends some support to the idea that you're seeing a basic router feature. Second, you REALLY, REALLY, REALLY don't want your router configuration exposed to the internet. Even if you've changed the defaults, this isn't a good thing.
If you turn off Internet access to the router configuration it may allow your router to behave the way you want. Otherwise, you might try a free domain service like no-ip or dyndns and see if using a domain name helps. It doesn't for my Motorola router, but you never know.
Thanks a lot for your help. You were absolutely right. If I entered my WAN IP address from work, it worked. It appears I was simply unable to do this from within the LAN even using dyndns. That also accounted for me being taken to my router's config page, which I thankfully wasn't able to access from outside my LAN. Now I've got VNC tunneling setup over SSH.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.