Command-Allow or Restrict Incoming VNC Connections

Iptables Open VNC Port To Allow Incoming VNC Connections
http://www.cyberciti.biz/faq/linux-iptables-open-vncserver-port-6000-5800-5900/
-------------------------------------------------------------------------------------
in CENTOS, DEBIAN / UBUNTU, IPTABLES

How do I configure Linux system firewall to allow incoming VNC connections?

VNC server listens on the following TCP ports:

=> VNC server on display 0 will listen on TCP ports 5800, 5900 and 6000


=> VNC server on display 1 will listen on TCP ports 5801, 5901 and 6001
=> VNC server on display N will listen on TCP ports 580N, 590N and 600N

In other words a VNC server listens for a VNC client on TCP ports 5800+N, 5900+N, and 6000+N where N is the display which starts at zero. So,

Allow or Restrict Incoming VNC Connections

5800+N - Java-based vncviewer;
5900+N - VNC Client Port;
6000+N - X Server port.
Find Out VNC Port

Type the following command:
# netstat -tulp | grep vnc

Update /etc/sysconfig/iptables

Edit /etc/sysconfig/iptables file:
# vi /etc/sysconfig/iptables

Update it as follows:

# Open VNC for USER1
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5800  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6000  -j ACCEPT
# Open VNC for USER2
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901  -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6001  -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart

A Note About Other Linux Distributions

/etc/sysconfig/iptables works only on RHEL / CentOS / Fedora Linux. For other distros update your iptables shell script as follows:

$IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 5801  -j ACCEPT
$IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901  -j ACCEPT
$IPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 6001  -j ACCEPT

##############################################################################################################################################################################
http://www.centos.org/docs/4/html/rhel-sg-en-4/s1-fireall-ipt-act.html

7.2. Using iptables
The first step in using iptables is to start the iptables service. This can be done with the command:

service iptables start
Warning Warning
 
The ip6tables services should be turned off to use the iptables service with the following commands:

service ip6tables stop
chkconfig ip6tables off
To make iptables start by default whenever the system is booted, you must change runlevel status on the service using chkconfig.

chkconfig --level 345 iptables on
The syntax of iptables is separated into tiers. The main tier is the chain. A chain specifies the state at which a packet is manipulated. The usage is as follows:

iptables -A chain -j target
The -A option appends a rule at the end of an existing ruleset. The chain is the name of the chain for a rule. The three built-in chains of iptables (that is, the chains that affect every packet which traverses a network) are INPUT, OUTPUT, and FORWARD. These chains are permanent and cannot be deleted. The -j target option specifies the location in the iptables ruleset where this particular rule should jump. Some built in targets are ACCEPT, DROP, and REJECT.

New chains (also called user-defined chains) can be created by using the -N option. Creating a new chain is useful for customizing granular or elaborate rules.

7.2.1. Basic Firewall Policies
Establishing basic firewall policies creates a foundation for building more detailed, user-defined rules. iptables uses policies (-P) to create default rules. Security-minded administrators usually elect to drop all packets as a policy and only allow specific packets on a case-by-case basis. The following rules block all incoming and outgoing packets on a network gateway:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
Additionally, it is recommended that any forwarded packets — network traffic that is to be routed from the firewall to its destination node — be denied as well, to restrict internal clients from inadvertent exposure to the Internet. To do this, use the following rule:

iptables -P FORWARD DROP
After setting the policy chains, you can create new rules for your particular network and security requirements. The following sections outline some rules you may implement in the course of building your iptables firewall.

7.2.2. Saving and Restoring iptables Rules
Firewall rules are only valid for the time the computer is on; so, if the system is rebooted, the rules are automatically flushed and reset. To save the rules so that they are loaded later, use the following command:

/sbin/service iptables save
The rules are stored in the file /etc/sysconfig/iptables and are applied whenever the service is started or restarted, including when the machine is rebooted.


###############################################################SAMIR PATRY#####################################################################
# Generated by iptables-save v1.2.8 on Fri Dec  6 00:42:56 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [423:30671]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5902 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Dec  6 00:42:56 2013
~                                                  


Step:1
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5902 -j ACCEPT

add the port u need

Step:2
service iptables restart

Step:3
/sbin/iptables -L -vn
check the port which u configure is present or not

Step:4
/sbin/service iptables save

Save the configuration

Step:5
service iptables restart

Step:6
/sbin/iptables -L -vn
check the port which u configure is present or not

IF PRESENT THEN CONNECTE WITH VNC PORT AND CHECK ITS WORKING OR NOT

CONFORM########################

Comments

Post a Comment

Popular posts from this blog

Connect Cassandra using DBeaver

Image
DBearver: Download enterpriese DBearver .its free (dbeaver-ee-3.7.4-x86_64-setup) http://dbeaver.jkiss.org/download/enterprise/ cassandra-jdbc-driver: http://www.dbschema.com/cassandra-jdbc-driver.html Step-1: Select Database->Driver Manager Step-2:Select New Step-3: Driver Information : Driver Name:                  User Friendly Name Driver Type:                    Generic Java Driver Class:           com.dbschema.CassandraJdbcDriver URL:                                    jdbc:cassandra://{host}[:{port}]/{database} Required File(s):            cassandra-driver.jar Default Port:                   9042 Library File:                      cassandrajdbc1.1 Step-4: Get the class jar file cassandrajdbc1.1 Step-5: select Find Class Step-6: Apply Ok Step-7: New Database connection Step-8: Select Database Type Step-9: Put the database connection information Step-10: put the ssh tunnel information
Read more

Virtualization and Cloud Computing

Image
What is virtualization? In a nutshell, virtualization is software that separates physical infrastructures to create various dedicated resources. It is the fundamental technology that powers cloud computing. "Virtualization software makes it possible to run multiple operating systems and multiple applications on the same server at the same time," said Mike Adams , director of product marketing at VMware, a pioneer in virtualization and cloud software and services. "It enables businesses to reduce IT costs while increasing the efficiency, utilization and flexibility of their existing computer hardware." The technology behind virtualization is known as a virtual machine monitor (VMM) or virtual manager, which separates compute environments from the actual physical infrastructure. Virtualization makes servers, workstations, storage and other systems independent of the physical hardware layer , said John Livesay, vice president of InfraNet , a network infrast
Read more

SIP-TIMERS “Timing is everything”

Image
      There are several aspects of SIP that ensure that messages are delivered on time. Three basic SIP timer parameters – T1, Timer B, and Timer F.  T1 is the estimated round trip time of an IP packet.  By default, T1 is set to 500 milliseconds which for many networks can be a little on the high side.   However, the SIP standard allows you to ignore the default and set it to something that better matches your network characteristics. The second SIP timer parameter is Timer B.  Timer B is the maximum amount of time that a sender will wait for an INVITE message to be acknowledged — i.e. a SIP response message is received. Timer F is the maximum amount of time that a sender will wait for a non-INVITE message to be acknowledged.  SIP messages such as REFER, INFO, MESSAGE, BYE, and CANCEL fall into this category. The way that Timer B and Timer F function is pretty straightforward.   Both timers default to 64 times T1.  If you take the T1 default of 500ms, Timer B and Time
Read more