setup x11 behind firewall

May 26, 2011

How do we setup x11 behind firewall ?

In this case we will use a Rackspace Cloud server with Red Hat Linux and a windows box behind a corporate firewall.¬† I have slightly modified the Rackspace guide below (you will see what I’ve crossed out in red and added the correct line in blue)

Install the Necessary Packages

This article will assume you know how to use the YUM (YUM Update Manager) from the CentOS – Setup article.

If you would like information about tunnelling VNC over SSH please visit

Install Perl

# yum install perl

Install X Windows

We will need to install the X-Windows platform to run the graphical portion of this project. X11 is a graphical display server, and will server and will sit above the Window Manager.

To install run the following as root:

# yum groupinstall "X Window System"

Install a Window Manager

KDE, GNOME and TWM are all Window Managers and are the human usable layer that you are probably familiar with. This gives you the access to use a mouse and send calls to the X11 server.


# yum groupinstall "KDE (K Desktop Environment)"

Also, this may be needed:

# yum install kde-session


# yum groupinstall "GNOME Desktop Environment"

Also, this may be needed:

# yum install gnome-session


TWM is the default X-Window Manager and you don’t have to install any additional packages, it is light and will run on almost anything, but is also not very user friendly and almost requires a power-user.

Install VNC Server

VNC is the service that display your X output to a tcp connection over the internet.

# yum install vnc-server


Configure VNC

  • Modify the /etc/sysconfig/vncservers configuration file by performing the following commands:
# nano /etc/sysconfig/vncservers

Insert the following lines into the file:

VNCSERVERARGS[1]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"

This will create a VNC session for one user with the username of someguy. If you would like to setup multiple users you will need to add additional users to that line. For example…

1:someguy 2:someperson 3:somegirl

You will also need to add additional VNCSERVERARGS lines to correspond to each user. Change the [1] to match the session number.


If you have a firewall running, you will need to open port 5901. For example, on CentOS, run:

# iptables -I RH-Firewall-1-INPUT 1 -p tcp --dport 5901 -j ACCEPT

If needed, replace 5901 with a range, depending on the number of sessions required (e.g. 5901:5905).

Here’s a detailed guide:

Backup your iptables current config, edit a copy of the config, and apply config:

cp /etc/iptables.rules ~/iptables.old; cp /etc/iptables.rules ~/new_iptables.rules; nano -w ~/new_iptables.rules
cp ~/new_iptables.rules /etc/iptables.rules
iptables-restore < /etc/iptables.rules
iptables -L
iptables-save > /etc/sysconfig/iptables


What’s going on here?

—–(backup¬† iptables before modification)—-

# cp /etc/iptables.rules ~/iptables.old

—–(copy iptables current config to a temp “new config” file)—-

# cp /etc/iptables.rules ~/new_iptables.rules

—–(modify iptables here)—-

# nano -w ~/new_iptables.rules

—–(push the stages to our stage iptables file)—-

# cp ~/new_iptables.rules /etc/iptables.rules

—–(push changes to iptables and make them live)—-

# iptables-restore < /etc/iptables.rules

-----(verify new rules are correct and apply to permanent config so they are persistant on reboot )----

# iptables -L
# iptables-save > /etc/sysconfig/iptables

Test the Server

Switch to your User

# su username
$ cd ~

Create a .vnc directory

take note of the '.' in front of the name

$ mkdir .vnc
$ cd .vnc

Create the xstartup file

Insert the configuration below (this is for a KDE-VNC session):

exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
startx &
exec kde-session &
  • If you are using GNOME, change 'kde-session' to 'gnome-session'
  • If youare using TWM, change 'kde-session' to 'twm &'

Make the file executable:

$ chmod u+x xstartup

Setup your VNC user

Set the user's private VNC connection password

# vncpasswd
  • You will be required to confirm your password.

Start the VNC server

Make sure you exit out of your user session and go back to 'root'.

start the server:

# service vncserver start
  • You may see some error messages here stating 'unexpected EOF' or syntax errors -- these are normal. If you see [ OK ] then the service has started properly.

Connect to your VNC

Open up your VNC client and type in your external IP address, colon, then your session ID configured in /etc/sysconfig/vncservers. The session number must correspond to the user name or it will not connect.


  • Type in the password you chose with vncpasswd and you will be connected.

To close the connection simple close the window.

Stopping the VNC Server

To stop the VNC server type the following:

# service vncserver stop

What if i close the terminal in TWM, how do i get it back?

log in as root and run this, then reconnect with your user:

# service vncserver stop

# service vncserver start

-----(modify iptables here)----