Excerpt from the VNC FAQ Page

Source : http://www.uk.research.att.com/vnc/faq.html

 

Q20 My viewer failed to connect to my server!

VNC relies on a correctly-configured and operational TCP/IP network, so please make 100% sure that your TCP/IP setup is right before you start asking questions on the mailing list. Here are some things you should check before assuming it's a VNC problem; consult your local expert if you don't know how to check them:

  • Can you ping the server machine from the client?

  • Is the VNC server definitely running on the server machine?

  • The server listens on port 5900+displaynumber. Can you telnet to this port from the client machine?

  • Have you specified the address correctly to the viewer? If you're using a display number other than zero for the server, (usually the case on Unix machines), did you remember to specify it?

  • Is the server name known to the DNS? Try using an explicit IP address instead of a name (eg. 123.456.78.9:0 instead of snoopy:0).

  • Do you have any firewalls or proxies in the way that could be blocking acess?

  • If using the java client, did you remember to specify the correct port as part of the URL? (eg. http://snoopy:5800)?

  • Can you try running either the server, or the client, or both, on different machines on your network to find whether the problem is at one end or the other?

  • Can you try running the software on a different architecture? eg., if you are having problems viewing a PC from another PC, can you try connecting from a Unix machine?

    •  

    Q51 Will VNC work through a firewall?

    It depends on your firewall, and whether you want to access a server inside your firewall from elsewhere, or a server outside your firewall from inside.

    Generally firewalls are designed to prevent incoming connections except to certain well-known machines and ports. If you can configure these to include your VNC server, then you will be able to access it from anywhere in the world. There is a good argument to be made for the fact that VNC is less of a security risk than X, so if your site doesn't allow X in or out it may still allow VNC.

    Many modern firewalls will allow outgoing connections initiated from inside, so you can often access servers on outside machines. It is straightforward, for example, to recompile the viewer source to include SOCKS support, or to make other special arrangements. See the contribs page.

    It's a pity that Java within a browser doesn't automatically use SOCKS if the browser is configured to use it. There's probably Java SOCKS support out there somewhere...

    If your internet access is through a router which does Network Address Translation, you may be able to configure the router to redirect particular incoming ports to particular machines. So you could run WinVNC with a display number of 0 on machine snoopy, and with display 1 on machine woodstock, then set your router to send port 5900 to snoopy and 5901 to woodstock. See below for information on the other port numbers used by VNC.

     

    Q52 Which TCP/IP ports does VNC use?

    A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default.

    In addition, VNC servers normally have a small and very restricted web server built in, which allows you to connect a browser to them and use the Java viewer. This runs on port 58xx. Note that this is the HTTP port used for downloading pages and applets, but once the applet is running it uses 59xx for VNC just like any other viewer.

    The servers can be changed to listen on other ports if, for any reason, these are not suitable for you. See the server's documentation for more details. Most of the viewers, if given a display number larger than 99, will interpret it as a direct port number and will not add 5900. See also the next question.

    If you are running a viewer in 'listening' mode, where it accepts connections initiated by the server, it will listen for incoming VNC on port 5500.

     

    Q53 Can I run VNC over a port normally used for a standard service? (eg. port 21, or port 80)

    In rare circumstances, people may want to do this, perhaps because they have a firewall which only allows connections to certain ports. This can be done, at least for the Windows and Unix servers (see their documentation), but the following points need to be borne in mind:

  • On some systems (eg. most forms of Unix), ordinary users are not allowed to run servers on ports below 1024.

  • You obviously can't run a VNC server on a port that's already being used for other things.

  • Many VNC servers use two ports: one for the VNC server, and one for the HTTP server that provides the Java applet (see previous question). If you plan to use the Java viewer, you may want to change both. Not all servers will allow this at present.

  • You need to tell the viewer the right display number. Normally, display numbers come between 0 and 99. If you specify any number smaller than 99, the viewers add 5900 to get the port number. If you specify a larger number, the viewers take it as a port number directly. So how do you use port numbers lower than 99? You have to specify a negative display number! For example, to connect to a server running on port 80 on machine 'snoopy':

  • vncviewer snoopy:-5820

  • because -5820 + 5900 = 80. This may not work with all viewers, but Unix and Windows seem to be fine.

    • ppy/1.27.2001