for whatever reason, it is not enough to allow udp traffic on port 5900, one also needs to allow tcp traffic.

/sbin/iptables -A INPUT -p tcp -m tcp --dport 5900 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 5900 -j ACCEPT

optional:

delete all iptables rules (WARNING! one will lose all existing connections!)

iptables -F
admin