Only one VNC socket works: 5901

paulmmluap Posts: 4  Freshman Member
edited April 2021 in Security

I don't understand why only one VNC socket works for my Linux server. Before I used the USG40, I tested several connections (sockets 5901-5904) and they worked fine. I connected the USG in the following "circuit": Fiber (AT&T), Modem (AT&T), Router (AT&T) with port forwarding IP to USG40. On USG40: P2 WiFi, P3 Linux Server, P4 PC, P5 NAS (all four on LAN1). It would seem to me your USG40 is stopping the traffic in all but 5901.

All Replies

  • paulmmluap Posts: 4  Freshman Member

    It looks like the only port open on my Linux box is 5901. This is odd because I:

    [root@server userid]# firewall-cmd --zone=public --add-port=5900-5910/tcp --permanent
    success
    [root@server userid]# firewall-cmd --list-all
    public(active)
    ..
    ports: 5901/tcp
    ..


    URGH!!!!
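
A check for the firewalld output in the post above, as an added example that is not part of the original thread: firewalld keeps a runtime and a permanent configuration, `--permanent` writes only the permanent one, and `--list-all` without `--permanent` prints the runtime one. The function names and the sample port lists in the comments are this example's own; the `public` zone is taken from the post.

```shell
#!/bin/sh
# Added example: list ports that are saved in firewalld's permanent
# configuration but missing from the runtime configuration, i.e. not yet
# applied to live traffic.

# expand_ports "5900-5910/tcp 22/tcp" -> one "port/proto" per line
expand_ports() {
    for entry in $1; do
        range=${entry%/*}; proto=${entry#*/}
        p=${range%-*}; hi=${range#*-}      # single port: p == hi
        while [ "$p" -le "$hi" ]; do
            echo "$p/$proto"
            p=$((p + 1))
        done
    done
}

# pending_ports PERMANENT RUNTIME -> entries in PERMANENT absent from RUNTIME
# Constructed sample: pending_ports "5900-5910/tcp" "5901/tcp"
pending_ports() {
    runtime=" $(expand_ports "$2" | tr '\n' ' ')"
    for port in $(expand_ports "$1"); do
        case "$runtime" in
            *" $port "*) ;;                # already live
            *) echo "$port" ;;             # saved only
        esac
    done | sort -u
}

# Live check, skipped on hosts without firewalld.
if command -v firewall-cmd >/dev/null 2>&1; then
    perm=$(firewall-cmd --permanent --zone=public --list-ports) || perm=
    live=$(firewall-cmd --zone=public --list-ports) || live=
    pending=$(pending_ports "$perm" "$live")
    if [ -n "$pending" ]; then
        printf 'Saved but not live (apply with firewall-cmd --reload):\n%s\n' "$pending"
    fi
fi
```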

  • Zyxel_Cooldia Posts: 1,511  Zyxel Employee

    Hi @paulmmluap

    Can you see VNC packets on the LAN interface if you connect VNC from the Internet?

    For port mapping settings, you also need to create a firewall rule to allow VNC traffic from WAN to LAN.


    Packet capture CLI: 

    Router> packet-trace interface lanx extension-filter port xxxx
