[SOLVED] VNC Server on Linux Mint - timeout

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

[SOLVED] VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

Hi all,
I'm trying to get a VNC connection from my Windows PC to my Linux Mint laptop.
I have installed the x11vnc server on the Linux machine. Status says it's up and running and ss -ltn shows the computer is listening on port 5900.
However, when I try to connect with the vncviewer from my PC I always get a timeout. I have deactivated the FW on the Ubuntu (shows iptables and ufw are not running) and disabled the Windows FW, still no good. Both computers can ping each other.
Any idea why the connection keeps failing?
Last edited by NazgulNr5 on Mon May 10, 2021 10:11 am, edited 1 time in total.
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

x11vnc is known broken in multiple ways. Please try if (the server part of) viewtopic.php?f=42&t=320929 works for you.
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

Re: VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

Thanks. I've tried that VNC Server too with the same result.
Is there a way to debug this?
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

Does your ss -ltn show the server listening on all or at least your LAN-interface? Port 5900? Does telnet localhost 5900 from the server itself imply something listening? With instead of localhost the LAN IP-address? From the Windows system with said LAN IP-address?

It is of course assumed that you are not trying to connect from another local network or over the internet, i.e., to your public IP (use of ss probably implies enough savvy wrt. that) but if you are you will of course need to configure your main modem/router to let things through.
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

Re: VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

Yes, ss shows it's listening on port 5900 and I can telnet to that port on the localshost.
No public IPs invloved, both computers are in the same subnet on my local LAN.
Edit: Is there a way to find if some sort of FW service is running on the Linux machine that I might have overlooked?
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

Yes, but does it also show it's listening on all (*:5900 for IPv4, [::]:5900 for IPv6) interfaces or the LAN IP -address interface? Localhost is 127.0.0.1. Does telnet with the LAN IP-address rather than localhost work? If I assume yes, then really only firewall issues remain (although, note, I did read you denied that as well).

If you have disabled e.g. GUW or whatever Mint's supplied firewall was called, you'd not have to look further unless you did special things to enable something originally.
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

Re: VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

Yes, it says *:5900.
I also spun up an Apache and incoming connections to this are also blocked, so the problem is not the VNC Server.

Can someone please help me interpret this output? It looks if is just lets nothing in.

me@NazgulRechner:~$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
11872 11M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1243 76284 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
304 34636 INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
304 34636 INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
304 34636 INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
163 20878 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

"virbr0"? That's a virtualized bridge interface so are we talking about some involved scenario here with VMs or alike?

Your firewall seems not disabled in any case. Here:

Code: Select all

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
I don't know about at least any of the on Mint used stuff; have you simply rebooted the system after disabling e.g. GUFW if that is what you were using?
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

Re: VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

The "virbr0" interface is for my GNS3. It's not involved at all in this case, I just use the normal ethernet interface.
How do I shut off the FW to see if it helps?
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

It's not enabled by default, so you'd supposedly know where you enabled it (*) but on 19.3 Cinnamon simply Preferences -> Firewall Configuration -> <status button>. You'd also be able to quickly check status with sudo ufw status.

I note that it does indeed leave behind some gunk when enabling/disabling that needs either manual cleanup or a reboot.

(*) If that sounds a bit combative it's due to really wanting Mint to get rid of that senseless junk again as it only causes problems exactly as here: people from a Windows background thinking they need it, but ending up only disturbing their LAN-setup and thinking (and stating on this here forum) that "Linux just does not work". I'll spare you the rest of that rant but there's plenty more...
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

Re: VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

Sorry for the late replay, I was afk over the weekend.
sudo ufw status says inactive, yet incoming connections are still blocked. Just booted the computer.
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

Terribly sorry, but I myself just don't know then. The difference in iptables output between our systems --- although admittedly mine is 19.3 and even though I don't seem to from yours immediately notice anything obvious --- seems to be saying that you have enabled some form of firewall, at some point at least. On Mint 19 and as far as I'm aware 20 nothing should be enabled by default at least. Moreover no experience with the other side of the connection, Windows, at all in this context so I guess I'll butt out. Dunno...
NazgulNr5
Level 1
Level 1
Posts: 7
Joined: Thu May 06, 2021 3:13 pm

Re: VNC Server on Linux Mint - timeout

Post by NazgulNr5 »

Figured it out myself :-D
I needed to add this:
sudo iptables -A IN_internal_allow -p tcp --dport 5900 -j ACCEPT

VNC works fine now.
Thanks very much for the help. I learned a lot about the Linux FW. I'm more used to FWs that have an IP address and don't hide from me.
rene
Level 17
Level 17
Posts: 7552
Joined: Sun Mar 27, 2016 6:58 pm

Re: VNC Server on Linux Mint - timeout

Post by rene »

Well, lovely, but I'll still plug the notion that you on a default and new install of Mint would not need to do that. If you're behind a standard NAT-router and/or router-based firewall there's really very little point to system-private firewalls on Linux: other than on Windows it is on Linux not the norm to install untrusted and/or hyper-commercial binary blobs. Well, maybe unless you do serious gaming: until quite recently "serious gaming" on Linux was a running joke in the first place...

But anyways and other than that: congrats :)
Post Reply