Hi, i have a problem… i cant access the vm vnc/spice console from Lan… It works well on localhost but nothing from outside… netstat says port 5900 listening on 0.0.0.0 but nmap says port 5900 is filtered… how to fix it?
You need to do some testing, particularly since your issue is probably unique to you and not a wider problem.
- Localhost is a fairly special network interface. On the same machine, connect to the interface assigned your network address, which is different.
– VNC doesn’t necessarily use spice, so I don’t know what you mean by VNC/spice. You have to be not only precise in your description, because each client uses different ports, you need to verify those ports are open in your firewall (You can also test whether it’s a firewall issue by temporarily dropping your firewall during testing). - If you’re using VNC, you have to (or should) install using the YAST - Remote Administration module which will install the X server required for graphical remote connections (Although it used to always be installed by default, today it’s not). Once this X server is installed, then not only VNC but other remote graphical consoles like X over SSH and likely any Spice client will work. Spice is an optional protocol which can be used by various clients, so needs special configuration.
- IIRC port 5800 should be the default port the VNC client uses, and port 5900 is the default port the VNC Java applet uses (normally running in a web browser), so depending on what you’re doing (actually both VNC clients should be used for testing) you may be probing the wrong port. If you properly installed VNC using the YAST module, there is a configuration file that defines the VNC configuration (including display resolution) assigned to each port.
The community docs for VNC on opensuse is at the following link and IMO covers the topic fairly well
https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.vnc.html
And, as long as you have your virtual networking set up properly, implementing VNC is no different than working with physical machines.
HTH,
TSU
The VNC is part of the Virt Manager i have installed… Normaly it works out of the box…
Is there maybee a firewall blocking the trafic?
Please be more detailed in your original post describing your situation.
So now, you are saying that you are describing the use of VNC by libvirt and not a standalone VNC install.
Usual network troubleshooting methods is a good start, so for instance use telnet to probe the port (As I’ve described, it’s important that you accurately know which ports to probe).
Any personal firewall would need to be configured properly, by default openSUSE provides a YAST module to start/stop and configure IP Tables, so that should be easy to do.
And, you can try using the VNC client installed separately for testing, and as I described you can also test by using X over SSH.
More than likely it’ll be a networking problem and each of the methods I describe narrow down whether required ports are blocked or whether the problem might be the remote console client app. As I’ve described, unless something has changed I’m not aware of, the regular VNC protocol is used and not Spice.
TSU
Hi… yes its the vnc server in libvirt/kvm/qemu… netstat says it is listening on 0.0.0.0:5900 but the port is not open if i try a scan from outside… i have tried to open vnc service on the firewall, causing all ports 5900-5999 beeing visible on network scan but filtered. Disabling the firewall by pressing stop button doesent help…
You’re likely probing the wrong port…
Port 5900 is used by default only if you’re using the VNC Java applet (typically running in a web browser).
Port 5800 is the default port used by 5900 when using the VNC client (non Java).
Also, more importantly is that libvirt/virt manager uses entirely different ports. The various transports are described in the libvirt documentation as follows
If you stop the firewall service and you still have a problem then your problem is not caused by network port blocking.
Also,
I don’t remember whether you stated that you installed your virtualization using the YAST virtualization module which should have set up everything for you properly. If you didn’t, then you should probably remove all virtualization you installed… and may even require purging the system looking for all files and directories related to the virtualization you’re running before re-installing.
Else, another important factor could be how you’re connecting to the remote server… The following lists several supported and required URIs to successfully connect…
TSU