vnc fails on port 5811

Craig White craigwhite at azapple.com
Sat Jul 17 12:11:43 UTC 2004 

On Fri, 2004-07-16 at 23:36, Barry Yu wrote:
> William Hooper wrote:
> 
> >Barry Yu said:
> >[snip] 
> >  
> >
> >>>Do you get any errors when starting VNC?
> >>>How about in the VNC log?
> >>>Are you trying to use the vncviewer or connect to the VNC HTTP server?
> >>>Have you check if something else is listening on any of the ports VNC
> >>>needs (use "netstat -at" and check for ports 5811, 5911, 6011).
> >>>
> >>>
> >>>      
> >>>
> >>I didn't see any error message when starting vnc sever, you will see
> >>below the ouptput of it. I use menu->accessories->vnc viewer to connect vnc
> >>sever, but using browser to connect also failed. And at my current level I
> >>can't see anything causing the problem as per your instruction;
> >>
> >>Here below is netstat output;
> >>    
> >>
> >
> >FWIW you don't need the 5811, because netstat shows you all the ports. 
> > 
> >  
> >
> >>[root at fc2-station-1 root]# netstat -at 5811
> >>Active Internet connections (servers and established)
> >>Proto Recv-Q Send-Q Local Address           Foreign Address    State
> >>    
> >>
> >[snip]
> >  
> >
> >>tcp        0      0 *:5811                  *:*                LISTEN
> >>    
> >>
> >[snip]
> >  
> >
> >>tcp        0      0 *:5911                  *:*                LISTEN
> >>    
> >>
> >[snip]
> >  
> >
> >> tcp        0      0 *:6011                  *:*               LISTEN
> >>    
> >>
> >
> >Hmm.  Everything looks ok here.  I should have had you run "netstat -atp" to verify that it is VNC listening, but I bet it is.
> >
> >[snip]
> >  
> >
> >>Here is the log and I don't know what it is telling;
> >>
> >>Xvnc version 4.0b4 - built Apr 14 2004 12:42:18
> >>Underlying X server release 40300000, The XFree86 Project, Inc
> >>Fri Jul 16 09:36:53 2004
> >>vncext:      VNC extension running!
> >>vncext:      Listening for VNC connections on port 5911
> >>vncext:      Listening for HTTP connections on port 5811
> >>vncext:      created VNC server for screen 0
> >>error opening security policy file
> >>/usr/X11R6/lib/X11/xserver/SecurityPolicy
> >>Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing
> >>from list! SESSION_MANAGER=local/fc2-station-1:/tmp/.ICE-unix/3945
> >>Window manager warning: Log level 32: could not find XKB extension.
> >>/usr/share/rhn/rhn_applet/rhn_applet.py:362: DeprecationWarning: integer
> >>argument expected, got float self.animate_timeout_tag =
> >>gtk.timeout_add(math.floor(1000 * ANIMATION_TOTAL_TIME/len(frames)),
> >>self.animate_handler)
> >>    
> >>
> >
> >This looks pretty normal.  The "Window manager warning" is a known issue with rhn-applet.
> >
> >I don't see any attempts to connect in the log file, though.  Had you just started the server?
> >
> >You might also attempt to telnet into the VNC port (from fc2-station-1):
> >
> >telnet localhost 5911
> >
> >Possibly you have a firewall blocking access from another PC?
> >  
> >
> I can telnet from remote machine to vnc server without problem.
> 
> Here are 2 results of telnet ;
> 
> root at fc2-station-1 root]# telnet localhost:5911
> localhost:5911/telnet: Name or service not known
> 
> root at fc2-station-1 root]# telnet localhost
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> Fedora Core release 2 (Tettnang)
> Kernel 2.6.6-1.435.2.3 on an i686
> login: barry
> Password:
> Last login: Fri Jul 16 23:03:05 from fc2-station-1
> 
> How do I trace the block of firewall?
-----
telnet localhost 5811 #to telnet to port 5811

telnet localhost #by default, telnet server (port 23) shouldn't be
listening at all so you must have turned that on. For most purposes, you
shouldn't install telnet server daemon and shouldn't turn it on but if
you do, you should at least get very serious with hosts.allow/hosts.deny
configuration to limit access. For most purposes, ssh is a much better
method.

I don't know about tracing the block of a firewall - some configurations
would drop packets silently, some would immediately reject outright. If
you are talking about iptables on Linux, you can create a chain that
logs activity (including dropped or rejected packets) and by default,
those logged items would show up in the syslog (/var/log/messages).

Craig

More information about the users mailing list