Today had a minor issue wherein was not able to access a VNC desktop on a RedHat or a CentOS Linux instance on AWS (EC2). Although defined a Security Group allowing all TCP traffic and halted the AWS instance’s firewalls but to no avail.
Thereafter searched the web assuming (incorrectly) to be a glitch at AWS. There were some posts on the AWS forum detailing something similar but there was a common refrain that struck me – an instance owner could not access VNC on port 5901 (5900 to 5902 etc) but Amazon Support could.
Got me thinking about a local firewalls and it turns out that there was a local network firewall that was disabling connecting to an external IP (such as my Amazon instance) on these ports. To confirm, quickly created a server on port 80 and 443 on the AWS instance and I was able to access those seamlessly.
Thereafter created a tunnel that ssh’ed into the remote machine using port 22 (that is open in both the local and remote firewalls):
ssh -i amazonKey.pem -f root@XXX.compute-1.amazonaws.com -L 5901:XXX.compute-1.amazonaws.com:5901 -N
Here we are ssh’ing into the Amazon instance and opening the local port 5901 and forwarding all traffic on that to the remote Amazon instance’s vnc server listening on port 5901.
Also one could also disable or stop the remote Amazon instance’s “iptables or ip6tables” firewall:
service iptables stop
service ip6tables stop