In this article, let’s look at detailed solutions to the problem of “VNC ports to open Public”, i.e. whether TCP port 5900 for VNC Server is open to the public. Some ports, like HTTP and HTTPS, must be open to the public in order to function properly, while more sensitive ports like VNC Server should be restricted to known IP addresses.
Open VNC port in Management Console
Follow these steps to restrict VNC Server access to specific IP addresses.
- Log in to the AWS Management Console.
- Choose the Services option and then look for EC2.
- In the left navigation panel, under Network & Security, select Security Groups.
- Select the “EC2 Security Group” that needs to be verified.
- Select “Inbound” from the bottom panel. For any Custom TCP Rule with port range 5900, check the value in the Source column. If a rule’s source is set to 0.0.0.0/0 or ::/0, the selected Security Group has the TCP port for VNC Server open to the public. Then repeat these steps to validate the remaining Security Groups in the selected AWS region.
- In the left navigation panel, under Network & Security, select the Security Group that needs to be modified to restrict TCP port 5900 access for VNC Server to a specific IP address.
- Now select the Inbound option and then click the “Edit” button.
- In the Edit inbound rules tab, click the Source column and select Custom or MyIP.
- Selecting MyIP in the Source column allows only a specific IP address to connect to the VNC Server.
- Alternatively, select Custom in the Source column and specify a static IP or Elastic IP address, along with a description for the Security Group rule, in the Edit inbound rules tab. To save your changes, click the Save button.
- Repeat steps (from 6 to 10) to restrict TCP port 5900 for VNC Server to a known IP address.