iptables configuration for VNC server

If you’re running a VNC (Virtual Network Computing) server like TigerVNC behind a host firewall, the following may be of interest to you.

Here’s the iptables syntax to allow clients to connect to a VNC server on a firewalled host:

-A INPUT -p tcp -m tcp --dport 5900:5904 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5800:5804 -j ACCEPT

This opens TCP ports across the ranges 5900 to 5904 and 5800 to 5804. That would allow up to 4 simultaneous VNC sessions, which should be more than enough for servers. If you’re using VNC to give users access to remote home directories on the server, you’ll probably want to increase that range.
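A generator for the rules above that also limits which network may connect, added here as an example and not part of the original post. The function name vnc_rules, its arguments, the 99-display ceiling and the 192.0.2.0/24 network are assumptions; it relies on VNC display N listening on TCP 5900+N, with 5800+N used only by the server's built-in HTTP viewer.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables-save style
# rules for a range of VNC displays, limited to one source network.
# Usage: vnc_rules FIRST_DISPLAY LAST_DISPLAY SOURCE_CIDR [http]
#   display N listens on TCP 5900+N; "http" also opens 5800+N for the
#   built-in HTTP viewer (leave it off if only native clients connect).

vnc_rules() {
    first=$1 last=$2 src=$3 http=${4:-}

    # Display numbers must be plain decimal integers without leading zeros
    for n in "$first" "$last"; do
        case $n in
            ''|*[!0-9]*|0?*) echo "bad display number: '$n'" >&2; return 1 ;;
        esac
    done

    # Assumed ceiling of 99 keeps the 58xx and 59xx ranges from overlapping
    if [ "$first" -gt "$last" ] || [ "$last" -gt 99 ]; then
        echo "display range must satisfy first <= last <= 99" >&2
        return 1
    fi

    # Require an IPv4 address or CIDR so the rule is never open to everyone
    case $src in
        ''|*[!0-9./]*) echo "source must be an IPv4 address or CIDR" >&2; return 1 ;;
    esac

    printf '%s\n' "-A INPUT -s $src -p tcp -m tcp --dport $((5900 + first)):$((5900 + last)) -j ACCEPT"
    if [ "$http" = "http" ]; then
        printf '%s\n' "-A INPUT -s $src -p tcp -m tcp --dport $((5800 + first)):$((5800 + last)) -j ACCEPT"
    fi
    return 0
}

# The ranges from the post, restricted to a constructed documentation network
vnc_rules 0 4 192.0.2.0/24 http
```

To allow more sessions, raise the last display number rather than editing the port numbers by hand.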

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).