Firewall Issue - VNC

Alex Sage

So I have CentOS 7 and I want to run VNC.

I type vncserver and it starts a VNC session on :1

Great I open port 5901 on the firewall, both tcp and udp.

Reload the firewall, and I can't connect...

Turn off the firewall and I connect fine on port 5901...

What am I missing?

scottalanmiller

Should be it. Are you sure you got the firewall port open?

dafyre

firewall-cmd --reload should do the trick, I think?

Alex Sage

@dafyre did that already...

scottalanmiller

@dafyre said in Firewall Issue - VNC:

firewall-cmd --reload should do the trick, I think?

He says he got that step.

I'm wondering about a typo in the port command.

firewall-cmd can show the rules too.

Alex Sage

Hmmmm.....

Doesn't seem to be adding....

sudo firewall-cmd --list-all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp6s0f0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

scottalanmiller

I can't remember the syntax to show the rules. --show-all maybe.

Alex Sage

@scottalanmiller firewall-cmd --list-all

scottalanmiller

There we go. What is your add command?

Alex Sage

@scottalanmiller

sudo firewall-cmd --zone=public --add-port=5901/tcp
sudo firewall-cmd --zone=public --add-port=5901/udp

JaredBusch

turn off selinux, confirm it all works, turn it back on and add an exception.

Alex Sage

@aaronstuder F***[moderated]. ---permanent duh!

dafyre

@aaronstuder said in Firewall Issue - VNC:

@scottalanmiller

sudo firewall-cmd --zone=public --add-port=5901/tcp
sudo firewall-cmd --zone=public --add-port=5901/udp

Important to note: Those are not permanent and will not survive a --reload .

Edit: You beat me to it.

Alex Sage

And now I feel stupid...

dafyre

Oops.