Hi folks,
I have an Ubuntu headless server (17.04) that I want to use for virtualisation and access using VNC. The two main clients that I'm trying to use for this are Windows 10, although I've also tried from a xenial laptop. This is all being accessed on my home LAN.
tl;dr Installed TightVNC server, running OK, all ports appear to be open on server, clients can't connect, nmap suggests only ports 22, 8000 and 8001 are open - can anyone help?
Long version:
On the server (hostname 'numbersix', ip 192.168.1.6) I've installed TightVNC server and Xfce. I've installed TightVNC as a systemd service - this all seems to work, as, after starting it, 'sudo systemctl status vncserver@1' gives:
Code:
● vncserver@1.service - Start TightVNC server at startup
Loaded: loaded (/etc/systemd/system/vncserver@.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2017-11-09 21:38:13 GMT; 6s ago
Process: 3924 ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :1 (code=exited, status=0/SUCCESS)
Process: 3916 ExecStartPre=/usr/bin/vncserver -kill :1 > /dev/null 2>&1 (code=exited, status=2)
Main PID: 3937 (Xtightvnc)
Tasks: 0 (limit: 4915)
CGroup: /system.slice/system-vncserver.slice/vncserver@1.service
‣ 3937 Xtightvnc :1 -desktop X -auth /home/adam/.Xauthority -geometry
1280x800 -depth 24 -rfbwait 120000 -rfbauth /h
Nov 09 21:38:12 numbersix systemd[1]: Starting Start TightVNC server at startup...
Nov 09 21:38:12 numbersix systemd[3916]: pam_unix(login:session): session opened for user adam by (uid=0)
Nov 09 21:38:12 numbersix systemd[3924]: pam_unix(login:session): session opened for user adam by (uid=0)
Nov 09 21:38:13 numbersix systemd[1]: Started Start TightVNC server at startup.
'sudo netstat -nlpt | grep -i vnc' gives:
Code:
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3937/Xtightvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 3937/Xtightvnc
'nmap numbersix' (run locally) gives:
Code:
Nmap scan report for numbersix (127.0.1.1)
Host is up (0.000014s latency).
Other addresses for numbersix (not scanned): 192.168.1.6
Not shown: 989 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
5901/tcp open vnc-1
6001/tcp open X11:1
8000/tcp open http-alt
8001/tcp open vcom-tunnel
8080/tcp open http-proxy
9091/tcp open xmltec-xmlmail
Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
Finally, I had a check of iptables - the output is pretty huge:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
OUTPUT_direct all -- anywhere anywhere
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8000 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8001 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:64667 ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Now, line six of the INPUT chain suggests that everything is open - is that right?
Running 'sudo nmap numbersix' from my Ubuntu laptop gives:
Code:
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-10 12:50 GMT
Nmap scan report for numbersix (192.168.1.6)
Host is up (0.0032s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
8000/tcp open http-alt
8001/tcp open vcom-tunnel
MAC Address: 60:45:CB:64:2B:C8 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 12.85 seconds
What am I missing?
Adam...
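A way to check a question like this mechanically, as an added example that is not part of the original post: the listing above uses the zone chains firewalld generates (IN_public, IN_public_allow and friends), and `iptables -L` without `-v` omits interface matches, so a bare "ACCEPT all -- anywhere anywhere" line cannot be read as "everything is open" until it is re-listed with `iptables -L -v` or `iptables -S` (in firewalld rulesets such a line is typically the loopback rule, `-i lo`). The script below parses the flattened `iptables -L` and `netstat -nlpt` output, follows the jumps and gotos from INPUT, and reports which listening TCP ports have no explicit ACCEPT on that path and which INPUT rules need `-v` before they can be interpreted. The sample text is constructed from the post's own output, trimmed to the chains the INPUT path reaches; the function and variable names are this example's own.

```python
"""Compare what a host is listening on with what its INPUT chain explicitly
admits, using the flattened output of `sudo iptables -L` and `netstat -nlpt`.
Example code written for this thread, not part of the original post; the
sample text below is constructed from (and trimmed down to) the post's output."""
import re

IPTABLES_L = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8000 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8001 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:64667 ctstate NEW
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
"""

NETSTAT = """\
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 3937/Xtightvnc
tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 3937/Xtightvnc
"""

# `iptables -L` prints well-known ports by name; resolve the ones in the sample.
SERVICE_PORTS = {"ssh": 22, "domain": 53, "bootps": 67, "http": 80}


def parse_chains(text):
    """Return {chain_name: [(target, proto, extras), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if not line.strip() or line.startswith("target ") or current is None:
            continue
        parts = line.split(None, 5)  # target prot opt source destination [extras]
        extras = parts[5] if len(parts) > 5 else ""
        chains[current].append((parts[0], parts[1], extras))
    return chains


def port_number(name):
    return int(name) if name.isdigit() else SERVICE_PORTS[name]


def admitted_tcp_ports(chains, chain="INPUT", seen=None):
    """TCP destination ports that reach an ACCEPT from `chain`, following jumps and gotos."""
    seen = set() if seen is None else seen
    seen.add(chain)
    ports = set()
    for target, proto, extras in chains.get(chain, []):
        m = re.search(r"tcp dpt:(\S+)", extras)
        if target == "ACCEPT" and proto == "tcp" and m:
            ports.add(port_number(m.group(1)))
        elif target in chains and target not in seen:
            ports |= admitted_tcp_ports(chains, target, seen)
    return ports


def bare_accepts(chains, chain="INPUT"):
    """1-based positions of rules that ACCEPT 'all' with no visible match.
    `-L` hides -i/-o, so these need `iptables -L -v` before they mean anything."""
    return [i for i, (t, p, e) in enumerate(chains.get(chain, []), 1)
            if t == "ACCEPT" and p == "all" and not e]


def listening_tcp_ports(netstat_text):
    """Ports in LISTEN state from `netstat -nlpt` lines."""
    pattern = r"^tcp\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+LISTEN"
    return {int(m.group(1)) for m in re.finditer(pattern, netstat_text, re.M)}


def unreachable_listeners(iptables_text, netstat_text):
    """Listening TCP ports that no explicit ACCEPT on the INPUT path admits."""
    chains = parse_chains(iptables_text)
    return listening_tcp_ports(netstat_text) - admitted_tcp_ports(chains)


if __name__ == "__main__":
    chains = parse_chains(IPTABLES_L)
    print("explicitly admitted TCP ports:", sorted(admitted_tcp_ports(chains)))
    print("listening but not admitted:", sorted(unreachable_listeners(IPTABLES_L, NETSTAT)))
    print("INPUT rules needing -v to interpret (1-based):", bare_accepts(chains))
```

On the post's data this reports 5901 and 6001 as listening but not admitted, and flags rule 6 of INPUT as the one that cannot be judged from `-L` alone, which matches the laptop's nmap seeing only 22, 8000 and 8001. Since port 22 is already admitted, the option that avoids exposing TightVNC's unencrypted RFB session to the LAN at all is to forward it over SSH from the client (`ssh -L 5901:localhost:5901 numbersix`) and point the viewer at localhost:5901; if the port is to be opened instead, on a firewalld host that is `firewall-cmd --permanent --add-port=5901/tcp` followed by `firewall-cmd --reload`, rather than editing the generated chains by hand.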