[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Allowing vnc to a domU on xen 3.2



If you want to limit subnets, your best bet is to use iptables to prevent 
unauthorized IPs from logging in.

In order to get VNC to listen on all of your interfaces, you may need to modify 
the guest configurations, as well - some of them may specify 127.0.0.1 in 
addition to it being the xend-config.sxp file.  Look at the config files for 
your domUs and make sure they're set correctly.

After that, you can use vncviewer localhost:<portnumber> on the local Xen 
machine, or VNC Viewer from another machine to connect.

-Nick

>>> On Mon, Feb 9, 2009 at  8:26 AM, James Pifer <jep@xxxxxxxxxxxxxxxx> wrote: 
> I'm running xen-3.2.0_16718_18-0.3. How do you allow someone to vnc to a
> specific domU?
> 
> I changed xend-config.sxp to have:
> (vnc-listen '0.0.0.0')
> 
> So this enables vnc listen on all interfaces, right?
> 
> Is there a way to limit what subnets or ip's are allowed?
> 
> There's also a vncpasswd setting. Does it use the same password on all
> the domU's?
> 
> Next, how do you enable it in the domU since this version of xen stores
> all of this in the xenstore? So if I do an xm list -l of a domU I get
> the config shown at the bottom. I think vnc is already enabled, but how
> do I get to this domU with vncviewer?
> 
> Thanks,
> James
> 
> 
> (domain
>     (domid 22)
>     (on_crash destroy)
>     (uuid 5f14eff8-d651-8f86-0d45-b032cb9d9c49)
>     (bootloader_args )
>     (vcpus 1)
>     (name server1)
>     (on_poweroff destroy)
>     (on_reboot restart)
>     (bootloader )
>     (maxmem 2048)
>     (memory 2048)
>     (shadow_memory 17)
>     (features )
>     (on_xend_start ignore)
>     (on_xend_stop ignore)
>     (start_time 1234031524.34)
>     (cpu_time 4421.91163849)
>     (online_vcpus 1)
>     (image
>         (hvm
>             (kernel /usr/lib/xen/boot/hvmloader)
>             (hpet 0)
>             (stdvga 0)
>             (extid 0)
>             (serial pty)
>             (vncunused 1)
>             (boot c)
>             (rtc_timeoffset -18000)
>             (pci ())
>             (pae 1)
>             (hap 1)
>             (acpi 1)
>             (localtime 1)
>             (timer_mode 0)
>             (vnc 1)
>             (nographic 0)
>             (guest_os_type default)
>             (apic 1)
>             (monitor 0)
>             (usbdevice tablet)
>             (device_model /usr/lib/xen/bin/qemu-dm)
>             (usb 1)
>             (xauthority //.Xauthority)
>             (isa 0)
>             (notes (SUSPEND_CANCEL 1))
>         )
>     )
>     (status 2)
>     (state -b----)
>     (store_mfn 524286)
>     (device
>         (vif
>             (uuid 1c455b73-650c-3173-ee4d-8a24624688ea)
>             (script vif-bridge)
>             (mac 00:16:3e:46:17:53)
>             (model rtl8139)
>             (type ioemu)
>             (backend 0)
>         )
>     )
>     (device
>         (vbd
>             (uname file:/var/lib/xen/images/dvstserver/disk0)
>             (uuid 76ddddd5-1e1d-8167-6712-234f98bd446b)
>             (mode w)
>             (dev hda:disk)
>             (backend 0)
>             (bootable 1)
>         )
>     )
>     (device
>         (vfb
>             (vncunused 1)
>             (type vnc)
>             (uuid 4abc3949-ab97-562f-9341-ea00ea133de1)
>             (location localhost:5900)
>         )
>     )
>     (device
>         (console
>             (protocol vt100)
>             (location 3)
>             (uuid e66caf6f-b3ac-1167-b386-abeed533817f)
>         )
>     )
> )



This e-mail may contain confidential and privileged material for the sole use 
of the intended recipient.  If this email is not intended for you, or you are 
not responsible for the delivery of this message to the intended recipient, 
please note that this message may contain SEAKR Engineering (SEAKR) 
Privileged/Proprietary Information.  In such a case, you are strictly 
prohibited from downloading, photocopying, distributing or otherwise using this 
message, its contents or attachments in any way.  If you have received this 
message in error, please notify us immediately by replying to this e-mail and 
delete the message from your mailbox.  Information contained in this message 
that does not relate to the business of SEAKR is neither endorsed by nor 
attributable to SEAKR.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.