Fedora Linux Support Community & Resources Center
  #1  
Old 17th March 2017, 09:58 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Screen sharing works on one machine and not the other

I have two freshly-installed F25 laptops. As far as I can tell (which is pretty good) I have set them up the same.

On machine A, I can use Vinagre to view the same machine's desktop on display :0. All attempts to view machine B result in an immediate 'Connection closed" dialog.

On machine B, all attempts to view that machine's desktop result in the "Connection closed" dialog. Machine B can connect with machine A without problems.

Machine A can connect to machine B via ssh, sch, rsync etc, so the network is OK. It MUST be something to do with the vnc/vino configuration on B, but I am not seeing it and am going round in circles.

Any suggestions would be gratefully received.

Cheers,
Doug

------------------------------------------------------------------------------------

If all else fails, try the obvious. On the machine with the problem, I checked the firewall and found everything correct. I then ran nmap over that machine and found all ports are closed, in spite of the firewall settings.

I am baffled: how do I open ports if not through the firewall?

------------------------------------------------------------------------------------

Even this does not work:
Code:
[root@KETCHUP ~]# nmap -p 5900 192.168.0.180

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-18 14:45 AEST
Nmap scan report for KETCHUP (192.168.0.180)
Host is up (0.000056s latency).
PORT     STATE  SERVICE
5900/tcp closed vnc

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
[root@KETCHUP ~]# iptables -A INPUT -p tcp --dport 5900 -j ACCEPT
[root@KETCHUP ~]# nmap -p 5900 192.168.0.180

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-18 14:46 AEST
Nmap scan report for KETCHUP (192.168.0.180)
Host is up (0.000061s latency).
PORT     STATE  SERVICE
5900/tcp closed vnc

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
[root@KETCHUP ~]#

Last edited by Doug Hutcheson; 18th March 2017 at 05:52 AM. Reason: Found ports are closed
Reply With Quote
  #2  
Old 17th March 2017, 02:04 PM
bobx001 Online
Registered User
 
Join Date: Dec 2012
Location: santa barbara, CA
Posts: 339
linuxfedorafirefox
Re: Screen sharing works on one machine and not the other

iptables -F on both boxes ?
Reply With Quote
  #3  
Old 18th March 2017, 05:57 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

Quote:
Originally Posted by bobx001 View Post
iptables -F on both boxes ?
Thanks for replying bobx001.

I ran 'iptables -F' on both boxes as you suggested, without luck.

I have forgotten the little I taught myself about iptables : how do I compare the the iptables of the two machines, to see if I can spot an obvious stupidity?

(Sigh! Growing old is as much fun as I expected ... )
Reply With Quote
  #4  
Old 18th March 2017, 08:02 AM
bobx001 Online
Registered User
 
Join Date: Dec 2012
Location: santa barbara, CA
Posts: 339
linuxfedorafirefox
Re: Screen sharing works on one machine and not the other

When I run VNC on the "server side", I run it like this:

x11vnc -noscr -no6 -noipv6 -xkb -passwd ******* -autoport 5788 -auth /var/run/lxdm/lxdm-:0.auth -display :0
of course I first check if the Display Manager and Xorg is actually running on screen :0 (ps -ef | grep Xorg)

If I don't specify the -auth , then when trying to connect with the client, I also get the connection refused dialog, "usually unless", I have executed xhost + on both machines too.

I use the -auth .... with the Display Manager, so I can even connect before I log in.

maybe also SElinux is biting you in the rear, I always disable that ****.
Reply With Quote
  #5  
Old 19th March 2017, 09:31 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

Quote:
Originally Posted by bobx001 View Post
maybe also SElinux is biting you in the rear, I always disable that ****.
Thanks for sticking with me on this. "8-)

SELinux is enabled on both machines, but I will try disabling it on the problem machine - KETCHUP - and see what happens.

More troubling is that the open ports reported by nmap on KETCHUP bear little resemblance to the settings I have established in firewall-config, where I have ticked services dhcpv6-client, mdns, samba-client, ssh and vnc-server. Specifically, I have not opened ports 80, 111, 443 or 631 and I have opened 5900-5903.
Code:
[root@KETCHUP ~]# nmap 192.168.0.180

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-19 18:16 AEST
Nmap scan report for KETCHUP (192.168.0.180)
Host is up (0.000016s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
443/tcp open  https
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
631 is CUPS/printing of course and I print FROM that port. I suppose it might have to be open to receive replies from the printer, but I would have thought that would be automatically provided for through the connection established from the computer to the printer - no? I don't need 631 open for anyone to print through KETCHUP as it has no printers attached.

The whole thing seems to be a case of firewall-config not working with the 'real' iptables.

For interest, I have listed the iptables on each machine and run a diff over them - see attached. There are a few differences and I don't know enough to know whether those are crucial.

------------------------------------------------------------

I am working through the firewall-cmd doco and ran this:
Code:
[root@KETCHUP ~]# firewall-cmd --zone=FedoraWorkstation --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlo1
  sources: 
  services: dhcpv6-client samba-client mdns ssh vnc-server ftp
  ports: 1025-65535/tcp 1025-65535/udp 5900-5903/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:
So firewall-cmd thinks the ports and services I want are enabled - it is just not happening in the real world.
Attached Thumbnails
Click image for larger version

Name:	Screenshot from 2017-03-19 17-53-07.png
Views:	6
Size:	61.0 KB
ID:	27000  

Last edited by Doug Hutcheson; 19th March 2017 at 11:03 AM. Reason: firewall-cmd output
Reply With Quote
  #6  
Old 19th March 2017, 09:52 AM
bobx001 Online
Registered User
 
Join Date: Dec 2012
Location: santa barbara, CA
Posts: 339
linuxfedorafirefox
Re: Screen sharing works on one machine and not the other

Well

the way I would attack this problem is to "disable" as much as you can first, until you get a working environment, and then start adding "firewalls" and stuff, until you see what breaks it.


Code:
su -
systemctl disable firewalld.service
reboot
su -
iptables -F
then test !


On a personal note, I never, ever use firewalld, and I always use iptables -F after booting (NOTE: it won't work on /etc/rc.d/rc.local cuz the iptables rules are launched after that).

And if anyone with a win$crap computer comes home and wants to get online, I just tell them to go to the nearest coffee shop, "not in my home buster !"
Reply With Quote
  #7  
Old 19th March 2017, 11:20 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

Quote:
Originally Posted by bobx001 View Post
And if anyone with a win$crap computer comes home and wants to get online, I just tell them to go to the nearest coffee shop, "not in my home buster !"
Code:
[root@KETCHUP ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/basic.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@KETCHUP ~]# systemctl stop firewalld.service

then

[root@womble doug]# nmap KETCHUP

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-19 20:13 AEST
Nmap scan report for KETCHUP (192.168.0.180)
Host is up (0.10s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
111/tcp open  rpcbind
443/tcp open  https
631/tcp open  ipp
MAC Address: AC:72:89:BC:0A:D9 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 2.34 seconds
[root@womble doug]#
Hmmm ... getting a bit better - now I can see more ports, but not 5900-5903 which are the crucial ones. Excuse me while I go outside and scream. "8-[

I don't particularly care that http and https are open and I have no idea what rpcbind is doing there, but it would be nice if I could open 5900-5903 now that the firewall is down. Sigh.

I can't take your suggestion of rebooting just yet until a looooong file copy finishes. I'll let you know.

And don't worry - this house is a Windoze-free zone. "8-)
Reply With Quote
  #8  
Old 19th March 2017, 11:48 AM
bobx001 Online
Registered User
 
Join Date: Dec 2012
Location: santa barbara, CA
Posts: 339
linuxfedorafirefox
Re: Screen sharing works on one machine and not the other

awesome, copy your file first, then drastify.

Good one ! , no need for the extra firewalls. That's all hysteria.
Reply With Quote
  #9  
Old 20th March 2017, 12:03 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

Quote:
Originally Posted by bobx001 View Post
awesome, copy your file first, then drastify.
Chuckle! Love the image. "8-)

I thought of copy-and-paste to make both firewalls the same, but the question is which - iptables text rules files, or firewall-cmd XML file(s)?

Here is another puzzlement. On my own machine, I disabled iptables and firewalld services, then rebooted. I expected to see all my ports open in the absence of a firewall, but I am still only seeing the ones that were open with the firewall running:
Code:
[doug@womble ~]$ nmap womble

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-20 08:52 AEST
Nmap scan report for womble (192.168.0.105)
Host is up (0.00017s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
5900/tcp open  vnc

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
[doug@womble ~]$
I must be misunderstanding something. What controls port access if not the firewall? Colour me confused.

------------------------------------------------------------

Re-reading my original post, I see I told a fib - unintentionally of course! One machine (womble) was a fresh installation of F25; the other was the addition of a new user to my old development machine called KETCHUP. I did not repave KETCHUP because it has too much valuable stuff I don't want to wipe until I am sure I have everything I need on womble. My goal is to be able to see and control the screen of the new user on KETCHUP from womble. At the moment I can only control womble from KETCHUP which does not quite fit the bill. "8-(

Last edited by Doug Hutcheson; 20th March 2017 at 12:11 AM. Reason: Confession
Reply With Quote
  #10  
Old 20th March 2017, 03:21 AM
cazo Online
Registered User
 
Join Date: Sep 2005
Location: Redneck Riviera
Posts: 385
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

If you are using vino-server on KETCHUP, I believe a user has to be logged in (and that user's Screen Sharing enabled).
Reply With Quote
  #11  
Old 20th March 2017, 04:14 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

Quote:
Originally Posted by cazo View Post
If you are using vino-server on KETCHUP,
Hi cazo. Thanks for the help.

Screen Sharing is on for both machines. Both have vino-server installed
Code:
[root@KETCHUP ~]# dnf install vino*
Last metadata expiration check: 0:26:04 ago on Mon Mar 20 12:43:35 2017.
Package vino-3.22.0-1.fc25.x86_64 is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
[root@KETCHUP ~]#
I cannot find any trace of vino or vino-server actually running, but something is serving my desktop on womble. How do I find out hat that something is?

As far as I can see, my system (womble) is running neither vino-server nor any flavour of vnc, so how it is connecting and working through vinagre is a mystery to me:
Code:
[root@womble ~]# ps -al | grep vino
[root@womble ~]#
[root@womble ~]# systemctl status vino-server
Unit vino-server.service could not be found.
[root@womble ~]# ps -al | grep vnc
[root@womble ~]#
[root@womble ~]# systemctl status vnc-server
Unit vnc-server.service could not be found.
I must be looking for the wrong thing. What is successfully serving my desktop to port 5900 if not vino-server nor vnc?

Of course, this still does not solve my problem of ports being closed when no firewall appears to be in operation. I have disabled and stopped firewalld and iptables, so expected all my ports to be open, but no. Sigh.

How do I find out what is closing and opening ports in the absence of any firewall?
Reply With Quote
  #12  
Old 20th March 2017, 04:49 AM
cazo Online
Registered User
 
Join Date: Sep 2005
Location: Redneck Riviera
Posts: 385
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

Code:

netstat -nlp | grep 5900

tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2152/vino-server    
tcp6       0      0 :::5900                 :::*                    LISTEN      2152/vino-server
Edit: This is on the remote system.

Last edited by cazo; 20th March 2017 at 05:06 AM. Reason: clarification
Reply With Quote
  #13  
Old 20th March 2017, 05:05 AM
cazo Online
Registered User
 
Join Date: Sep 2005
Location: Redneck Riviera
Posts: 385
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

The way I do it is to enable the user's automatic login(under Settings/Users, enable Screen Sharing (and Remote Login) under Settings/Sharing on the "remote" (mine is headless with no keyboard/monitor), and enable "vnc-server" on both machines (with firewall-config).
Reply With Quote
  #14  
Old 20th March 2017, 06:04 AM
Doug Hutcheson Offline
Registered User
 
Join Date: Jun 2009
Location: Queensland
Posts: 270
linuxfedorachrome
Re: Screen sharing works on one machine and not the other

My local system, which had me puzzled, reports:
Code:
[doug@womble ~]$ netstat -nlp | grep 5900
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      5228/vino-server    
tcp6       0      0 :::5900                 :::*                    LISTEN      5228/vino-server
So vino-server is alive and well on my system, even though I cannot see it with ps -al. Thanks very much for solving that mystery for me.

Now I have a confession: I thought my wife was using Gnome on Xorg, but I was wrong. I set her up with Gnome on Xorg and suddenly everything is working! I am still puzzled by a few things, but can forget them for the moment.

Now I have a different problem: using Xorg, I cannot set my wife's mouse to left-handed! SCREAM!!. Still, that is a problem for a different thread. Many thanks to all for your help - I have learned a lot. "8-)

-----------------------------------------------------

If anyone is interested, the following command issued via an ssh session while no-one was logged into Gnome solved the problem:
Code:
[root@KETCHUP carol]# gsettings set org.gnome.desktop.peripherals.mouse left-handed true

(process:7593): dconf-WARNING **: failed to commit changes to dconf: The connection is closed
Ignore the warning - when my wife logged on, the mouse was left-handed.

Last edited by Doug Hutcheson; 20th March 2017 at 06:54 AM. Reason: Got the mouse working
Reply With Quote
  #15  
Old 20th March 2017, 09:07 AM
bobx001 Online
Registered User
 
Join Date: Dec 2012
Location: santa barbara, CA
Posts: 339
linuxfedorafirefox
Re: Screen sharing works on one machine and not the other

ps -ef is more thorough
Reply With Quote
Reply

Tags
machine, screen, sharing, works

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sharing a virtual machine machine folder with the host camilobm23 Servers & Networking 2 4th January 2016 04:23 PM
sharing internet to a windows machine gebezis Servers & Networking 10 26th January 2006 09:51 AM


Current GMT-time: 00:42 (Monday, 27-03-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat