If you want to limit subnets, your best bet is to use iptables to prevent
unauthorized IPs from logging in.
In order to get VNC to listen on all of your interfaces, you may need to modify
the guest configurations, as well - some of them may specify 127.0.0.1 in
addition to it being the xend-config.sxp file. Look at the config files for
your domUs and make sure they''re set correctly.
After that, you can use vncviewer localhost:<portnumber> on the local Xen
machine, or VNC Viewer from another machine to connect.
-Nick
>>> On Mon, Feb 9, 2009 at 8:26 AM, James Pifer
<jep@obrien-pifer.com> wrote:
> I''m running xen-3.2.0_16718_18-0.3. How do you allow someone to
vnc to a
> specific domU?
>
> I changed xend-config.sxp to have:
> (vnc-listen ''0.0.0.0'')
>
> So this enables vnc listen on all interfaces, right?
>
> Is there a way to limit what subnets or ip''s are allowed?
>
> There''s also a vncpasswd setting. Does it use the same password on
all
> the domU''s?
>
> Next, how do you enable it in the domU since this version of xen stores
> all of this in the xenstore? So if I do an xm list -l of a domU I get
> the config shown at the bottom. I think vnc is already enabled, but how
> do I get to this domU with vncviewer?
>
> Thanks,
> James
>
>
> (domain
> (domid 22)
> (on_crash destroy)
> (uuid 5f14eff8-d651-8f86-0d45-b032cb9d9c49)
> (bootloader_args )
> (vcpus 1)
> (name server1)
> (on_poweroff destroy)
> (on_reboot restart)
> (bootloader )
> (maxmem 2048)
> (memory 2048)
> (shadow_memory 17)
> (features )
> (on_xend_start ignore)
> (on_xend_stop ignore)
> (start_time 1234031524.34)
> (cpu_time 4421.91163849)
> (online_vcpus 1)
> (image
> (hvm
> (kernel /usr/lib/xen/boot/hvmloader)
> (hpet 0)
> (stdvga 0)
> (extid 0)
> (serial pty)
> (vncunused 1)
> (boot c)
> (rtc_timeoffset -18000)
> (pci ())
> (pae 1)
> (hap 1)
> (acpi 1)
> (localtime 1)
> (timer_mode 0)
> (vnc 1)
> (nographic 0)
> (guest_os_type default)
> (apic 1)
> (monitor 0)
> (usbdevice tablet)
> (device_model /usr/lib/xen/bin/qemu-dm)
> (usb 1)
> (xauthority //.Xauthority)
> (isa 0)
> (notes (SUSPEND_CANCEL 1))
> )
> )
> (status 2)
> (state -b----)
> (store_mfn 524286)
> (device
> (vif
> (uuid 1c455b73-650c-3173-ee4d-8a24624688ea)
> (script vif-bridge)
> (mac 00:16:3e:46:17:53)
> (model rtl8139)
> (type ioemu)
> (backend 0)
> )
> )
> (device
> (vbd
> (uname file:/var/lib/xen/images/dvstserver/disk0)
> (uuid 76ddddd5-1e1d-8167-6712-234f98bd446b)
> (mode w)
> (dev hda:disk)
> (backend 0)
> (bootable 1)
> )
> )
> (device
> (vfb
> (vncunused 1)
> (type vnc)
> (uuid 4abc3949-ab97-562f-9341-ea00ea133de1)
> (location localhost:5900)
> )
> )
> (device
> (console
> (protocol vt100)
> (location 3)
> (uuid e66caf6f-b3ac-1167-b386-abeed533817f)
> )
> )
> )
This e-mail may contain confidential and privileged material for the sole use of
the intended recipient. If this email is not intended for you, or you are not
responsible for the delivery of this message to the intended recipient, please
note that this message may contain SEAKR Engineering (SEAKR)
Privileged/Proprietary Information. In such a case, you are strictly prohibited
from downloading, photocopying, distributing or otherwise using this message,
its contents or attachments in any way. If you have received this message in
error, please notify us immediately by replying to this e-mail and delete the
message from your mailbox. Information contained in this message that does not
relate to the business of SEAKR is neither endorsed by nor attributable to
SEAKR.
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users