Ipfire qemu problem - can't connect to VNC server from Windows 10

I have installed ‘IPFire 2.27 - Core Update 160’ on PC Engines APU.4D4 board with qemu-addon version 5.2.0.
I create a ​.img file and put the command into the terminal.
A note say: “VNC server running on 127.0.0.1:5900”
Under Ipfire I activate Remote access (ssh) - everything OK.

On my Windows 10 PC with 'Bitvise SSH Client` I open a new terminal console with a remote desktop.

Error message:
Failed to open channel for Remote Desktop forwarding from 127.0.0.1:61697 on 127.0.0.1:61696 to 127.0.0.1:3389. Open failure reason: AdministrativelyProhibited, description: open failed.
Remote Desktop Connection closed.

I found information that
/etc/ssh/sshd_config
AllowTcpForwarding no

and a entry: PermitTunnel yes
would help with the problem - unfortunately, no

Than I have tested with putty and x11 forwarding for 127.0.0.1:5900
The same effect - I can’t connect to ipfire (vnc)

Have anyone a idea for solve this problem?

Did you allow the traffic to port 5900 in the firewall? Are you connecting from the internet side or the green network? If it’s the former, you need to enable a destination NAT for port 5900 as well, I would guess.

Anyhow you can troubleshoot more easily if you open a connection to IPFire console and issue a
tail -f /var/log/messages
then you try to connect to VNC and see in the console what IPFire will message out. ctr-c to exit. If you cannot figure it out, those logs might help others here more competent then I am to tell you what is the problem.

127.0.0.1 is a very special IP. (localhost). This ip address cannot reached via network.
Depending on your qemu network config you have to bind the vnc to a local interface or add one to a bridge that you can reach via network.

Arne is right, of course.

Bridged networking (aka “shared physical device”) and in particular: libvirt Networking Handbook

Edit: the wiki has all the information needed to safely setup a virtual machine in IPFire, network included: Wiki: Libvirt

Thanks Arne.F and cfuso for your information.

I have many time tested and I cannot to connect to qemu under ipfire.
Please see the attachmend for a better understandig what the problem is.
I have no more idea what the problem is. The vnc server run and port 5900 is open under ipfire and windows.

libvirt-remote is ok, ssh conncet is ok, ipfire and window rules think is ok .
Request was denied. - No idea.

Jetzt schon zig Stunden damit verbracht, aber irgendwie funktioniert das alles nicht. Warum der Zugriff verweigert wird ist mir einfach nicht klar. Das man die Sache auch hier in Englisch erklären muss, ist auch nicht gerade leicht. Na ja, zumindest nicht noch auf Russisch oder Chinesisch. Sorry, aber das alles ist schon ziemlich frustrierend.

I hope anyone someone help me.

Error message:
… refused local port forward: originator error
https://gss-portal.com/knowledgebase/140/refused-local-port-forward-originator-error.html
Is this even for Ipfire?

You can use google translate to facilitate our communication. German/English should work pretty well. I translated what you wrote in German and it was pretty clear. If I did it, you can do it as well. For starter, you should translate the wiki page. Then try to understand the network part, because I think this is your problem.

I suspect you did not manage to bind the virtual machine to the network using a bridge device (which is what you are supposed to do) and I would like to confirm that.

Could you post the xml configuration file of your virtual machine? I would like to see how the network is configured. Go to IPFire console and issue this command:

virsh dumpxml GuestID > guest.xml

where GuestID is name of your virtual machine. This command will create in the directory where you log in a file called guest.xml (you can change the name, doesn’t really matter). Paste the content of this file here.

In alternative, if you do not put “> guest.xml” the command will show the xml file in your screen, you can copy and paste that as well.

Remove anything in there that can compromise your privacy.

1 Like