Results 1 to 9 of 9

Thread: VNC port

  1. #1
    Join Date
    Jul 2004
    Posts
    518

    Question VNC port

    Hello,

    I was wondering if I could change the default port of vnc server and how to do so?

    What is the default port for vncserver server anyway? Is it 5900?

    Thank you!
    |ーWe are all born to this world To meet a certain person; it must be soー|

  2. #2
    The defaults for VNC are 5800 (web) and 5900 (vnc client). You can change the default port, but it will depend on which VNC server software you are using. For a Windows VNC server, generally there is an option in the configuration panel for the application.

    On Debian Linux, there's a wrapper script in /usr/bin/vncserver that starts Xvnc. You'd need to edit that script to change the port. See this URL: hxxp://linux.cudeso.be/linuxdoc/tweaky_net.php

    There's probably something similar on other Linux versions.

    Good luck.

  3. #3
    Join Date
    Jul 2004
    Posts
    518
    I use Xvnc/vncserver with Fedora 7 and use tightvnc as the viewer on my Windows pc.

    I've tried changing the vncserver port to 80, and the tightvnc viewer to 80, but it didn't work. Tried with many other port numbers, still didn't work. Changed back to 5900, and it's working again. The ports that I tried did not have anything else running on that port, same with 80 or 21 for example, which I killed the httpd and ftpd beforehand.

    What I want to achive is to be able to connect to my vncserver via generally-acceptable ports such as port 80 or 21, since I'm on a library a lot, and their network blocks all other ports beside generally-accepted ones.

    I wonder if this is possible -- connecting to vncserver via ports like 80 or 21?

    Thank you!!
    |ーWe are all born to this world To meet a certain person; it must be soー|

  4. #4
    I'm not 100% certain, but my first guess would be that vncserver is running as a non-privileged user, which is why it doesn't work with 80/21, since those are "privileged" ports--e.g. <1000, available for root/system processes.

    You could do some sys admin kung fu to get around this limitation, but you have to remember that vnc is not encrypted, so your password to get into vnc would be going out in the clear. Why not set up an ssh tunnel instead?

    Assuming you have a firewall at home, you'd have to set up the ssh port forwarding on your firewall, then set up a tunnel:

    ssh -N -L 5900:Linux_box_ip:5900 firewall_ip

    I do something like this on my home network to allow me to use ssh key-only logins from any remote location, as well as give me access via remote desktop to my home PC and to my Linux test box's web server. I actually run a second ssh in key only mode on a high port to add extra obfuscation to the whole set up.

    If you want to go ahead with changing vnc's port, google for "run vncserver on privileged port"

    You're welcome, good luck with getting it working.

  5. #5
    Join Date
    Jul 2004
    Posts
    518
    With ssh tunneling though, you will need port 22 right? Is it possible to change SSH's port to something else and then still be able to use the tunneling? Because I think port 22 is blocked too.
    |ーWe are all born to this world To meet a certain person; it must be soー|

  6. #6
    Yes, ssh runs as a priviledged user, hence it being <1000. You can change the current sshd to run on a different port, or start up a second instance running on a second port.

    I've done the latter, since I use ssh on my LAN @ home, and my scripts for backups and other things would have to be tweaked if I changed the first instance's port. I start a 2nd instance running on a high port that only accepts key logins; this prevents brute force attacks.

  7. #7
    Join Date
    Jul 2004
    Posts
    518
    The thing is... I'm absolutely clueless about ssh-tunneling This is actually the first time I'm exploring this subject.

    I've read about it over the net and kinda got the picture already how it work, but I'm not clear how to set it up.

    How do I set up my windows laptop for ssh-tunneling to work? So that whenever I'm accessing the browser or other internet application, it will instead connect to the ssh-tunneling setup (to my server?)?

    Secondly, I need to run this command on my linux box right? But, I don't get the "firewall_ip", what is it for? "Linux_box_ip" is the host/vncserver right?

    ssh -N -L 5900:Linux_box_ip:5900 firewall_ip

    Will this ssh-tunneling really work on firewalled network which blocks all other ips, such as the one my library has?

    I really just want to bypass my library's firewall/port filters so that I could connect to my vnc server (the most important one as I'd like access to my linux box wherever I am) and even other internet applications such as msn messenger for that matter.

    Thank you!!
    |ーWe are all born to this world To meet a certain person; it must be soー|

  8. #8
    Join Date
    Nov 2001
    Location
    Ann Arbor, MI
    Posts
    2,978
    After changing to port 80, were you testing from the library? If so, I wouldn't doubt it if they have a web/ftp proxy set up and block everything else.
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!

  9. #9
    Join Date
    Jul 2004
    Posts
    518
    Testing in my home network, library, and everywhere else is not working. If my home network isn't working, then shouldn't places with firewall/filtering wouldn't work too?

    Hmm...I've been wondering, does the client connecting to the vncserver matters? I don't see any change port option on RealVNC, and TightVNC (Which I use) only have "Accept reverse VNC connections on TCP port: 5900"
    |ーWe are all born to this world To meet a certain person; it must be soー|

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •