Centos 6 seems to ignore iptables rules

Tags: centos, iptables

Solution:

That had nothing to do with iptables. It was an issue with my router blocking all ports.
I just added a rule to allow incoming connections to VNC ports.


Question:

I'm literally going crazy.

I'm on CentOS 6.6 and I just want to add a simple rule to iptables in order to open port 5901 (vnc server) and allow incoming connections.

Here's how I edited iptables file:

vi /etc/sysconfig/iptables
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT

Then I restarted both vncserver and iptables.

Here's the output of iptables -L:

ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:vnc-800x600x16

Here is the output of iptables -v -n -L:

Chain INPUT (policy ACCEPT 4428 packets, 5769K bytes)
pkts bytes target prot opt in out source    destination 
0    0     ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5901

Now:

  1. If I try to connect with a vnc client (remotely, not within the LAN, where it works), I get a connection timeout error
  2. If I check for open ports with nmap, I get:

    port 5901 filtered

Services are running fine.

I also tried to disable SELINUX, without any luck.
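A check worth running before blaming the firewall, added here as an example and not part of the question or the answers: on CentOS 6 the file /etc/sysconfig/iptables is in iptables-save format and is loaded by the iptables init script with iptables-restore, so each line must be a bare rule (`-A INPUT ...`), not a command starting with `iptables`, and an ACCEPT appended below the final `-A INPUT -j REJECT ...` of the stock file is never reached. The script below lints a rules file for a TCP port on those two points. The rules text is constructed for the example (it mimics the CentOS 6 default file with the VNC rule appended at the bottom); `check_port_rule` is a name chosen here.

```shell
#!/bin/sh
# Added example: lint a CentOS 6 style /etc/sysconfig/iptables (iptables-save
# format) for a TCP port.  Two things go wrong in practice:
#   1. the line is written as a command ("iptables -A INPUT ...") instead of a
#      rule ("-A INPUT ..."), so iptables-restore rejects the whole file;
#   2. the ACCEPT is appended after the final REJECT/DROP in INPUT, so it can
#      never match.
# SAMPLE_RULES is constructed for this example; a real run would use
#   check_port_rule 5901 "$(cat /etc/sysconfig/iptables)"
SAMPLE_RULES=$(cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
COMMIT
EOF
)

# check_port_rule PORT RULES_TEXT
# Prints exactly one word: ok, missing, after-reject or command-syntax.
check_port_rule() {
    port=$1
    rules=$2
    printf '%s\n' "$rules" | awk -v port="$port" '
        /^iptables /               { cmd = 1 }          # command, not a rule line
        $1 == "-A" && $2 == "INPUT" {
            n++                                          # position within INPUT
            if ($0 ~ ("--dport " port "( |$)") && $0 ~ /-j ACCEPT/ && accept == 0)
                accept = n
            if ($0 ~ /-j (REJECT|DROP)/ && reject == 0)
                reject = n                               # first terminal rule
        }
        END {
            if (cmd)                          print "command-syntax"
            else if (accept == 0)             print "missing"
            else if (reject && accept > reject) print "after-reject"
            else                              print "ok"
        }'
}

# Stand-alone run: the appended VNC rule sits below the REJECT.
echo "port 5901: $(check_port_rule 5901 "$SAMPLE_RULES")"
echo "port 22:   $(check_port_rule 22 "$SAMPLE_RULES")"
```

When the verdict is `after-reject`, move the line above the `-A INPUT -j REJECT` line in the file and run `service iptables restart`, or insert it live with `iptables -I INPUT <n>` at a position before the REJECT and then `service iptables save`. Rules appended at the bottom of the file still show up in `iptables -L`, which is why the listing alone does not prove the port is reachable.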

Best Answer

Try connecting without iptables running at all. Just to check this is really an iptables problem.

The other thing that comes to mind is that there could be some problem with handling RELATED packets (which seems weird since INPUT policy is ACCEPT).

Also this could happen if your server cannot talk back to the client, so check OUTPUT chain and your routing as well.
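The counters in the question's own `iptables -v -n -L` output already answer the first point of this advice: the ACCEPT rule for dpt:5901 shows 0 packets, so no SYN for that port ever reached the host while the remote client was timing out, which points at something upstream (the router, as the asker later found) rather than at this firewall. The script below, an added example that is not from the thread, reads that listing and turns the counter plus the chain policies into a one-word verdict, covering the OUTPUT-chain point as well. The listing text is constructed for the example (the thread never showed its OUTPUT chain; a DROP policy is used here only to exercise that branch), and `chain_policy`, `rule_pkts` and `diagnose` are names chosen here.

```shell
#!/bin/sh
# Added example: decide from "iptables -v -n -L" output whether packets for a
# TCP port are reaching the host at all.  A zero counter on the ACCEPT rule
# while a remote client times out means the SYNs never arrived: the block is
# before this machine (router/NAT/provider), not in its firewall.
# SAMPLE_VNL is constructed for this example, modelled on the question's output;
# a real run would use   diagnose 5901 "$(iptables -v -n -x -L)"
# (-x prints exact counters instead of 5769K style abbreviations).
SAMPLE_VNL=$(cat <<'EOF'
Chain INPUT (policy ACCEPT 4428 packets, 5769K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:5901
  812 48720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
)

# chain_policy CHAIN LISTING -> default policy of CHAIN (ACCEPT, DROP, ...)
chain_policy() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        $1 == "Chain" && $2 == chain { print $4; exit }'
}

# rule_pkts CHAIN PORT LISTING -> pkts counter of the first ACCEPT for tcp dpt:PORT
# Prints nothing when no such rule exists in CHAIN.
rule_pkts() {
    printf '%s\n' "$3" | awk -v chain="$1" -v port="$2" '
        $1 == "Chain" { cur = $2; next }                 # track which chain we are in
        cur == chain && $3 == "ACCEPT" && $0 ~ ("dpt:" port "( |$)") { print $1; exit }'
}

# diagnose PORT LISTING -> one-word verdict
diagnose() {
    port=$1
    listing=$2
    pkts=$(rule_pkts INPUT "$port" "$listing")
    in_policy=$(chain_policy INPUT "$listing")
    out_policy=$(chain_policy OUTPUT "$listing")
    if [ -z "$pkts" ]; then
        echo "no-rule-policy-$in_policy"   # no explicit rule; the chain policy decides
    elif [ "$pkts" = "0" ]; then
        echo "no-packets-arrived"          # rule present, never hit: blocked upstream
    elif [ "$out_policy" != "ACCEPT" ]; then
        echo "check-output-chain"          # SYNs arrive, but replies may be dropped
    else
        echo "accepted"
    fi
}

# Stand-alone run against the constructed listing.
echo "5901: $(diagnose 5901 "$SAMPLE_VNL")"
echo "22:   $(diagnose 22 "$SAMPLE_VNL")"
```

`no-packets-arrived` is the situation in the question: the rule is correct and the policy is ACCEPT, yet nothing has matched, so the next place to look is the device in front of the server, or a packet capture (`tcpdump -ni eth0 tcp port 5901`) to confirm that no SYN arrives. `check-output-chain` covers the last paragraph of the answer, where inbound traffic is accepted but the server cannot answer.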