Recommended Posts

Hello, I am facing issue  , I need to access google cloud hosted compute machine running centos 7  on my windows 8 laptop 

I am successful at making ssh connection 

However, vnc connection doesn't work with my university network but runs fine on my cellular data or other external networks

I tried changing the port number of vnc server from 5900 to 35548 but that doesn't work

I even tried the ssh tunneling via putty as shown in a video on youtube but again it seems to have used the same port number as 5900 

I suspect that this university network 5900 ,also earlier when I hosted windows 2012 server its rdp didnot work on the university network

Also ,tried teamviewer but teamviewer doesnot work on server 

Going to univ network center is my last option .Please help

What exactly are you trying to do??

 

Your trying to access google compute machine??

 

Sounds like your trying to circumvent your univ filtering of outbound connections??  If you can make a ssh connection to this compute vm, then you could tunnel through that connection and do whatever you wanted, vnc, etc. Yeah if your server is 5900 that would be the port you would use, just through the tunnel.

 

Not sure what your question is about 2k12 and rdp?  Without details of network impossible to say what you were doing wrong.  As to TV running on server versions of windows - yeah it does!

Ok, sorry for all this messed up things, I am completely new to linux and networking when it comes to practical.

I will go again on my problem , I have a google compute instance (server) running on google datacenters. I have installed centos 7 on my remote server. I can access the centos 7 remotely via ssh connection in Putty . My laptop has normal windows os i.e. windows 8.

In order to take graphical access I need vnc access . Thus , I installed tiger vnc server on my remote server. Then tried to take access by the vnc viewer , vnc viewer fails on my university network  . But is fine on any external net such as cellular data or dongle. Now this is surely some port blocking or firewall , mostly port 5900 I  guess  . Going to university network center is an option but its the last one. I saw that through ssh tunnel we can tunnel our vnc connection .So I watched few videos on that but it doesn't seem to help (maybe I am doing something wrong)  ,Here are few things that I tried and failed

1) Changed the vncserver port from 5900 to some random port value  3400 etc (taken into account the consequences such as adding new port to firewall,etc)

    It changed , but it gave me strange results , like when vncserver was actually running it wasn't listening on that particular port

   The proof is that when I netcat i.e.when I type in my centos 7 terminal  nc 189.134. 5901 I get a reply as RFB 03.something (which means my vnc is working fine on ip:5901)

  When port number was changed I typed same command with different port number say nc 189.134.wahtever 35549 , I got reply as connection timed out or refused.

 I tried all types of things, accessed log files of vncserver find out what port its running on, even examined the process and tcp connections using netstat ,everything was normal only it wasn't  listening on that port.(nc command never returned me RFB as a response)

    Here's how I changed it http://itstudent.org/blog/?p=631

    But it failed too.

 

2) I tried tunneling as per shown in videos 

     opened putty -> loaded normal ssh configuration file ->, then in tunnels option entered source port as 5901 and destination as localhost:5901 or even tried this  "server external ip address:5901"

    and  -> then opened the vnc viewer entered, localhost:5901 or server ip address:5901 and then tried to connect but failed again. 

 

If this doesn't form a correct picture do let me know , I am noob in this so I don't know how to do this stuff exactly. Sorry again for any inconvenience. And yes I am not trying to circumvent my univ network. Its just I am avoiding to go there. As a last option I would go. Thank you for your help and feedback . You were the quickest. 

 

Tunneling Screenshot.png

Tunneling Viewer Screenshot.png

VNC Viewer Screenshoty.png

Umm why would you try to VNC onto "localhost" on any port? localhost is your own computer, the same one you are running vnc on, are you trying to use port translation?...also are you sure you have configured the port on your client and on the server too cos it sounds like the server isn't expecting you to use any port other than 5901.

 

Can't you reconfigure the port on the server and just use the same port on both ends?

 

5901 is a common vnc port and on a uni network it was bound to be disabled as they probably use it themselves.

Check these out:

 

http://www.uaf.edu/arsc/knowledge-base/vnc-and-ssh-port-fowardin/index.xml

 

https://intranet.cs.hku.hk/csintranet/contents/technical/howto/putty-portforward.jsp

 

http://cects.com/ssh-local-and-remote-port-forwarding-with-vnc/

 

This may also be your problem, your vnc session may have been blocked by the server:

 

http://stackoverflow.com/questions/26813070/google-compute-engine-getting-blocked-after-accessing-ssh-a-few-times

 

Apparently you might need to whitelist your university IP on the server to stop it blocking you, if that's what is happening.

"And yes I am not trying to circumvent my univ network. Its just I am avoiding to go there"

 

Huh???  In one sentence you say you can not get to your google compute machine from your univ, then you say your trying to avoid going there - go where?  Google compute?

 

Lets go over some basics.. Does not matter where you currently at!!

 

Can you ssh to your google compute machine?  If so vnc is listening on what port? 5901?  On what IP?  Its public IP, its loopback, all of them?  from your ssh connection to your google compute box do a netstat or sockstat for your listening ports.  What does it show listening on 5901??

 

Does not matter firewall at your location, or firewall at other location if you can ssh then you can tunnel through this ssh tunnel and hit the remote machine vnc..

 

Yes in a ssh tunnel, the port you listen on locally can be anything, you connect to this local listening on port with your vnc client after you have created the ssh connect with the tunnel.  Your ssh client than ses oh traffic to my local port X, send it down the tunnel to IPX:portY..

 

There are a bajillion guides on the net on how to vnc through a ssh tunnel..

Thank you all ,For your response 

The thing is I am avoiding to go to network center at my university because they are very slow people and will take lot of explanations to explain them , Basically they are not so cooperative , thats why I am avoiding them( network people at my univ ) ,If it is the case that google compute machine has blocked my ip then ,I will need to contact them . Which I will do if all fails. My tunneling is flop because I dont know much of it ,It was very first time , Thank you PsychoKilla for the links ,I will surely try those. As +budman has suggested I will try netstating or sockstating the server and examine the case more deeply. 

And Psychokilla - I tried to reconfigure the vnc server base port which is 5900 to some random say 3400 but it fails .

I dont think it is needed to reconfigure the port on vnc viewer(correct me if I am wrong)  as we specify the the port for connection say server ip addeess :5901  like that . So just the new port right ? like server ip address:3401 . 

Also I dont think I need to install ssh daemon on server as it is installed by default and I can connect to it using my putty . So the server side ssh server is taken care of. 

I will try all the solutions listed by you both and will let you know the results asap . Thank you again . 

For some VNC viewer clients, including the one you're using, to specify a different port, you do so after a double colon, rather than a single colon, e.g 127.0.0.1::5901 (see the text underneath the "Remote Host" textbox)

 

This is because linux systems can run multiple 'displays' which can be connected to via VNC, and they use the single colon notation for the display number, to connect on a different port, you need to use two colons.

 

Note, you only enter the port like this in your VNC client, not in Putty when you're configuring the tunnelling, use the single colon notation there.

Hey, Guys thank you for your solutions it was great to get feedback from you. I am happy to announce that my problem has been finally solved. What I did is listed below

 1) Instead on vnc used xrdp which is RDP server for linux server os. 

Why? because I couldn't properly get vnc running on the server. It was working fine then I don't know exactly I installed something did many tuts on that and it started malfunctioning i.e. I was not able to start that typical vncserver.service.1 so I reset my google instance, installed vnc again and was again stuck with vncserver.service .1 ( the name is not perfect but somewhat like that) not being able to start. But service.2 something was able to start which runs on display 2 and when you take access (through the external net) it used to give me an error message on my remote desktop as something went wrong log out and all. I think it was due to my main display wasn't shift to display 2. I also realized that I didn't add ports 5900 into the firewall.Google Cloud has another networking section in its console browser window and if we don't add firewall rules there we can't realize them in our VM even if we add them on the VM's os like using some command to add them to firewall in a Linux terminal. Also, tried that random port experiment again and was succeeded in running vnc server on port 17333 but got blocked in a proxy net of university when trying to view through vnc viewer. So basically vnc started giving many problems.

Link to install xrdp-  http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-on-centos-7-rhel-7.html

2) Confirmed that it wasn't port issue 

In this what I did is made sure that it wasn't the fault of port 5900, I started a vncserver on windows(on my laptop) using TightVNC (It's free and easy to install)  and tried to take its access from my android device using Remote Ripple (TightVnc's android vnc viewer) and was succeeded as android and laptop were on the same network, repeated it by replacing android with the other PC on the network was again succeeded. So that made sure that it wasn't with the port number.

 

3) Then as  PsYcHoKiLLa suggested it may be that server was blocking my ip address  (this is because this univ has strange IP addresses may be due to they have the different net, even  Instagram doesn't let me like anyone's post as it says I have a different IP address, I used to thought it was proxy)

But I didn't know how to exactly stop that, as the link provided talks about ssh server blocking the ip address . I was unsure if the vnc does the same. So I was planning to investigate this matter in detail.

 

4) Successful Tunneling, After searching this link http://cects.com/ssh-local-and-remote-port-forwarding-with-vnc/ provided by  PsYcHoKiLLa I was pretty sure that I would be able to do this but again got stuck at running this command  ssh -R 6999:localhost:5901 user@192.168.1.3 (don't  worry I replaced username and IP address with the relevant one ). I was having problem with ssh keys which are established at the start of the session , basically, vm has to be transferred public or private key and whenever it needs to authorize it checks those keys.Now I was connecting through putty on windows, And putty doesn't send any keys to vm. Although google chrome's ssh extension was able to do it ,and through that I was able to run that port forward command too but It didn't help when I again tried to connect vnc or rdp by saying localhost:portnumber , All steps were like those mentioned in the link.But I guess that would have been beneficial if that would have happened through putty. 

Then I thought I would tunnel the rdp through ssh 

Link -http://klinkner.net/~srk/techTips/ssh-remote/

Followed this tutorial  very religiously and boom, I was able to rdp the server via ssh tunnel

I realized that when tunneling through Putty, Putty provides the easy GUI called tunnel option on the left panel to add port forwarding rules.(Although, in previous tuts, I followed the same step but was entering IP addresses and port numbers in a wrong way)

 

5) Future plan & Current Problem - Although, I am successful at making a tunnel through ssh for xrdp , The performance of xrdp was slow, I think it maybe due to the internet speed or maybe xrdp is simply not that good enough as vnc.

Plan - Now I got how this port forwarding thing works in Putty windows, Its just a matter of time that I will reformat the VM instance and tunnel the port 5900 through ssh. And have an uninterrupted vnc session.

 

6) Final Thoughts - I think the problem was server was rejecting my connection due to strange IP address , I guess. I am working in IITB currently so they must be having a different net. Still I am not sure as in this was only the problem.

 

7) Some useless Stuff that got tried - Tried changing proxy settings here, we have two lines in our office ,one is normal university line and other is startup line , But both uses same firewall .So switching was useless. 

 

Thank You once again, Guys.

I am pasting the link again as the final solution -  http://klinkner.net/~srk/techTips/ssh-remote/

 

 

 

 

Yes tried that , It works , the vnc port number got successfully changed ,although I had to add that port number into firewall specified by google  cloud's networking section. (that networking section can be found on console.google.com and on left side menu you will see networking)

But even though I change it to random port number and the service successfully runs there ,still I wasn't able to view it in my vnc viewer by university internet. (while vnc viewer connected when using external net such as my cellular data ,3G I use on my phone).

All pointing to only one inference that port numbers weren't blocked here and it was my wrong assumptions at first hand that ports are blocked.

New update - I was able to do vnc connection via Putty ssh tunnel  while remaining on university net. Although ,its not opening in my desired dimension ,that something seems to be little problematic but trivial,I will take care of it later

This topic is now closed to further replies.
  • Posts

    • "What's that? Microsoft recommends Intel CPUs? My next computer must have Intel then." - Nobody
    • Apple warns Australia against joining EU in mandating iPhone app sideloading by David Uzondu Apple has issued a warning to Australia, essentially telling the country not to follow the European Union's lead in making iPhone app sideloading a requirement. This communication comes as the Australian federal government considers new rules that could force Apple to open up its iOS ecosystem, much like what happened in Europe with recent legislation. Since iOS 17.4 and iPadOS 18, users in the EU have been able to get apps from outside the official App Store, a direct consequence of the DMA designating Apple as a "gatekeeper". The Australian government floated a proposal in a paper released late last year. The paper suggested "designating" digital platforms like Apple's App Store. Being designated this way means these platforms would have to follow new rules intended to keep them from limiting competition. The government pointed to Apple's in-app payment system, which usually comes with a commission, and the lack of sideloading as likely targets for regulation. Right now, apps like Netflix and Spotify can't let users subscribe through their iOS apps without giving Apple a big cut, and they're not even allowed to tell users where to find a better deal. Apple, in its response to this Australian paper, stated that Australia should not use the EU's Digital Markets Act "as a blueprint". The company's core argument is that the changes mandated by the EU's DMA, which came into full effect in March 2024, introduce serious security and privacy risks for users. Apple claims that allowing sideloading and alternative app stores effectively opens the door for malware, fraud, scams, and other harmful content. The tech company also highlighted specific concerns from its European experience, alleging that its compliance there has led to users being able to install pornography apps and apps that facilitate copyright infringement, things its curated App Store aims to prevent. Apple maintains that its current review process is vital for user protection, and that its often criticized 30% commission applies mainly to the highest earning apps, with most developers paying a lower 15% rate or nothing. It is worth noting that Apple's implementation of DMA requirements in the EU, which includes a "Core Technology Fee" for apps distributed outside its store, has already drawn scrutiny from European Commission officials who question if these measures truly comply with the DMA's idea of keeping the market fair. The Australian government has not yet detailed its next steps in this process, and the Treasury still needs to publish the full submissions to its proposal paper, including Apple's complete arguments. Source: The Guardian
    • Oh the Chinese crybabies who couldn't accept the fact that they lost GOTY to Astro Bot? Not interested
    • Download this SQL Essentials For Dummies eBook (worth $10) for free by Steven Parker FOR DUMMIES is a trademark of John Wiley & Sons, Inc. A right-to-the-point guide on all the key topics of SQL programming SQL Essentials For Dummies is your quick reference to all the core concepts of SQL—a valuable common standard language used in relational databases. This useful guide is straightforward—with no excess review, wordy explanations, or fluff—so you get what you need, fast. Great for a brush-up on the basics or as an everyday desk reference, this book is one you can rely on. Strengthen your understanding of the basics of SQL Review what you've already learned or pick up key skills Use SQL to create, manipulate, and control relational databases Jog your memory on the essentials as you work and get clear answers to your questions Perfect for supplementing classroom learning, reviewing for a certification, and staying knowledgeable on the job, SQL Essentials For Dummies is the convenient, direct, and digestible reference you've been looking for. Claim your complimentary eBook worth $10 for free, before the offer ends on June 17. How to get it Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last! Download the SQL Essentials For Dummies eBook (worth $10) for free Offered by Wiley, view other free resources The below offers are also available for free for a limited time: Winxvideo AI V3.0 Lifetime License for PC ($69.95 Value) FREE – Expires 6/8 Aiarty Image Enhancer for PC/Mac ($85 Value) FREE – Expires 6/8 Solutions Architect's Handbook, Third Edition ($42.99 Value) FREE – Expires 6/10 AI and Innovation ($21 Value) FREE – Expires 6/11 Unruly: Fighting Back when Politics, AI, and Law Upend [...] ($18 Value) FREE - Expires 6/17 SQL Essentials For Dummies ($10 Value) FREE – Expires 6/17 Continuous Testing, Quality, Security, and Feedback ($27.99 Value) FREE – Expires 6/18 VideoProc Converter AI v7.5 for FREE (worth $78.90) – Expires 6/18 Macxvideo AI ($39.95 Value) Free for a Limited Time – Expires 6/22 The Ultimate Linux Newbie Guide – Featured Free content Python Notes for Professionals – Featured Free content Learn Linux in 5 Days – Featured Free content Quick Reference Guide for Cybersecurity – Featured Free content We post these because we earn commission on each lead so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. Other ways to support Neowin The above deal not doing it for you, but still want to help? Check out the links below. Check out our partner software in the Neowin Store Buy a T-shirt at Neowin's Threadsquad Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: An account at Neowin Deals is required to participate in any deals powered by our affiliate, StackCommerce. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through the branded deals site.
    • No one is surprised. It goes both ways. Warhammer remake is not on the PS5, but Xbox/PC and Game Pass day 1 and it is NOT a Microsoft owned game (Sega). 100% Microsoft money deal. Timed of course. Sega wins because they get the Microsoft money now then when the deal ends they get the much larger PS audience to make money from. As far as Black Myth is concerned, the Chinese gaming platform market is very much PC then PS then everything else. Consoles were banned in China for years, then allowed and the PS is the console of choice. The release of Black Myth actually saw a PS5 console sale spike because of Chinese gamer's buying PS5's just to play this game. With the ever shrinking Xbox console market I can see a point where 3rd party games try to get Sony exclusive money because the ROI for Xbox console versions of those games is a shrinking endeavor.
  • Recent Achievements

    • One Month Later
      MoyaM earned a badge
      One Month Later
    • One Month Later
      qology earned a badge
      One Month Later
    • One Year In
      Frinco90 earned a badge
      One Year In
    • Apprentice
      Frinco90 went up a rank
      Apprentice
    • Week One Done
      theevergreentree earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      448
    2. 2
      +FloatingFatMan
      247
    3. 3
      snowy owl
      234
    4. 4
      ATLien_0
      200
    5. 5
      Xenon
      146
  • Tell a friend

    Love Neowin? Tell a friend!