I used to connect from A to a system B through VNC with SSH tunnel via C.

I do the following:

  1. In B I start the vncserver:


    and let's say I get the :12

  2. In A I open the ssh tunnel:

    ssh -v -C -L 5912:B:5912 user@C
  3. In A I start my vnc client:

    vinagre localhost:12

But this doesn't work anymore, because when I start vinagre in the terminal associated to my ssh-tunnel I get:

channel 3: open failed: connect failed: No route to host

I know that there have been some problem with the system last week, but I don't know what has changed (I am not the computer administrator), maybe the ip address have been changed but I have removed


so to avoid problems. I would appreciate any help or hint

I have checked that self-vnc works, by running

vncviewer localhost:12

on system B

I have done some tests, and I have found out that if I try to tunnel and connect to a session open by another user (with another number, like :6) I can connect successfully: in the sense that of course I cannot log in because I don't have the correct password, but at least the vnc client prompts for a password, moreover I don't see any message 'no route to host'. What could that mean? It looks like this vnc thing is not working only on some ports, doesn't it?.

Apparently the system manager set the accessible vnc port range 5900-5910, but the VNC server was assigning me a port number far above this value.

  • 1
    worth noting re -C (compression) from man ssh " Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks."
    – barlop
    Commented Feb 19, 2015 at 13:38
  • @barlop OK, thanks. I guess it is because it adds the overhead of compressing the data on the client
    – simona
    Commented Feb 24, 2015 at 10:37
  • Whatever the reason, just saying it adds overhead(as you do), would (contrary to what you think), not explain that quote which mentions about fast and slow networks.
    – barlop
    Commented Feb 25, 2015 at 2:10

3 Answers 3


Just a quick update why your port falls outside that port range - When a vncserver is started, your assigned port number is 5900 + N, where N is the returned VNC server number. Example:

New 'localhost:1' desktop is localhost:1

In that case your port will be 5901. In your example, your server is using 5912, which is outside of your port range.


There is a possibility that indeed VNC server assigns a high port number beyond the allows range in firewall, as the edited question and Byob's answer indicate.

However, there is still a possibility as it has occured to me that there is indeed a routing error somewhere like the routing tables of the host machine or the router maybe. There is a relevant conversation in Google groups:

The routing for the target workstation is different between the two systems (...). The fault (...) will be either on the router or on the workstation, and it will either be a fault of omission (you've lost a route in your routing table) or superimposition (you've added an incorrect route to the routing table).

Also make sure that B indeed is reachable.


Apparently the system manager set the accessible vnc port range 5900-5910, but the VNC server was assigning me a port number far above this value.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .