10

Is it possible to access the VMs without having to forward the remote port and VNC to the localhost? I'd like to be able to VNC into the KVM server and see the VMs display.

Shoan
  • 1,595
  • 3
  • 16
  • 23

2 Answers2

13

I found the answer after some searching and found the following in /etc/libvirt/qemu.conf

# VNC is configured to listen on 127.0.0.1 by default.
# To make it listen on all public interfaces, uncomment
# this next option.
#
# NB, strong recommendation to enable TLS + x509 certificate
# verification when allowing public access
#
vnc_listen = "0.0.0.0"

I uncommented the above line and restarted libvirtd to find that I was still not able to access VNC over the network. This time the culprit was iptables. On Centos, I used system-config-firewall-tui to allow VNC access.

Shoan
  • 1,595
  • 3
  • 16
  • 23
  • Exactly what i was looking for. – Heiko Rupp Oct 09 '13 at 11:14
  • Do not forget to unblock firewalled ports on the KVM host (hypervisor) to be able access your VNC server, for example `firewall-cmd --permanent --add-port=5900/tcp; firewall-cmd --reload`. You may see these ports open on KVM host (as LISTEN) in the output of a command `netstat -pant` or `ss -pant`. – Milan Kerslager Mar 17 '19 at 07:29
  • after modifying that option into qemu.conf what service would you restart? – Philippe Gachoud Oct 01 '19 at 17:40
1

if you VNC to the KVM host, it means it should have an X server running (completely redundant thing to do on a hypervisor, but that's your choice). Since you already have a desktop, there's nothing to stop you from running virt-viewer or virt-manager to get access to a guest console directly. On the other hand, if the qemu-kvm VM is running with VNC support, you can simply connect to the VM's VNC console directly

dyasny
  • 18,482
  • 6
  • 48
  • 63
  • I don't have an X server running on the KVM host. You can create VMs with vnc output forcing the hypervisor to create a vnc server to view the console of the VM. This is very useful in non-unixy OSes like Windows. But by default the vnc server listens only to localhost. – Shoan Oct 04 '11 at 11:53
  • This is exactly what I meant in the second part of my post. Guess you could have formulated the question a little better, to address the problem of the default VNC listener being pointed to localhost and not to the 0.0.0.0 catchall. This is of course done for security reasons – dyasny Oct 04 '11 at 12:44
  • At time of asking, it wasn't obvious what I was looking for till I found the answer. You are right, that the question should have been better. – Shoan Oct 04 '11 at 13:21