I've not used in ages, but one can define port using /etc/vnc.conf file.

Otherwise just open /usr/bin/vncserver Code:

vi /usr/bin/vncserver

Find line that read as follows Code:

$vncPort = 5900 + $displayNumber;

Change 5900 to something else and start vncserver again.

root@exsys:~# vncserver New 'X' desktop is exsys:8 Starting applications specified in /root/.vnc/xstartup Log file is /root/.vnc/exsys:8.log
root@roswell etc]# service vncserver start Starting VNC server: [root@roswell etc]# [root@roswell etc]# vncpasswd Password: Verify: [root@roswell etc]# [root@roswell etc]# vncserver New 'roswell:1 (root)' desktop is roswell:1 Starting applications specified in /root/.vnc/xstartup Log file is /root/.vnc/roswell:1.log [root@roswell etc]# [ OK ]

Note: These instructions do not include VNC over SSH. Comments on improving this are welcome. 1. Go to System Settings > Servger Settings > Services, and put a checkbox in 'vncserver'. 2. Start your vncserver from a terminal using the following command: vncserver :1 (note: this puts it on port 5901. :0 would set it to port 5900, :2 would set it to 5902, :3 to 5903, etc.) 2a. The first time, it will ask you for a password to connect to the desktop. Enter a password (you can always change it later with the terminal command 'vncpassword') . 4. ensure xvnc is actually running: either by using the 'top' command in a terminal window to search for a running instance, or, click away from 'vncserver' in the services window and then back on it to see if it's shown as running.

5. Check to see what port vnc is running on (should be 5901 if you indicated :1) by entering the following in a terminal window, but let's double check: netstat -ln ---------------Now comes the tricky part. I'm going to assume your machine has iptables set up somewhere; iptables are meant to firewall the system. 6. Check to see how your iptables are set up with the following terminal command: iptables -nvL If you do not have iptables set up (as in, nothing is returned), you probably should add iptables; download the latest package and install. Ours is set up in the following manner, please note that YOURS MAY BE DIFFERENT: Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 4108 439K RH-Firewall-1-INPUT 0 0.0.0/0 all -* * 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 0.0.0/0 0 RH-Firewall-1-INPUT all -* * 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3409 packets, 377K bytes) pkts bytes target prot opt in out source destination Chain RH-Firewall-1-INPUT (2 references) pkts bytes target prot opt in out destination 3084 335K ACCEPT 0.0.0.0/0 0 0 ACCEPT 0.0.0.0/0 icmp type 255 0 0 ACCEPT 0.0.0.0/0 0 0 ACCEPT 0.0.0.0/0 803 67244 ACCEPT 0.0.0.0/0 all -lo * * * * * * * * * source 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0

icmp -esp ah all ----

state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:21 1 40 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:7886 0 0 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:8080 0 0 ACCEPT tcp -- * * 0.0.0.0/0 state NEW tcp dpt:2401 220 36934 REJECT all -- * * 0.0.0.0/0 reject-with icmp-host-prohibited Note this chain: Chain RH-Firewall-1-INPUT (2 references)

0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0

We need to insert an ACCEPT for port 5901 to allow 5901 through (our INPUT into the firewall). We will do this with the following command: iptables -I RH-Firewall-1-INPUT -m state --state NEW -p tcp --destination-port 5901 -j ACCEPT (If you did not set your vncserver to :1 initially, make sure you use the correct --destination-port for your setup, ie. 5902 for :2) What this is telling us: -I RH-Firewall-1-INPUT = INSERT at top of iptable RH-Firewall-1-INPUT (defaults to first row). -A will add, but as the last rule in the chain - chains work from top to bottom; a packet goes down the chain only until it finds a matching rule; then it follows that rule without ever looking at subsequent rules (with a few exceptions). -m state = allows for connection tracking; not completely necessary if not implemented into your system --state NEW = see 'man iptables' for further information on this -p tcp = here we can set either tcp or upd; in this case, we want tcp as incoming packets --destination-port 5901 = what our destination port is (5901 in this case) -j ACCEPT = 'jump' (target). As per the manual: This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special built-in targets which decide the fate of the packet immediately, or an

extension in

(see EXTENSIONS below).

If this option is omitted

a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented. 7. forward ports 5900-5904 to the VNC Linux server IP address via your router only if you are allowing remote access (ie. from outside the LAN). 8. install a viewer on the windows client, either from www.realvnc.com or ultravnc from http://www.ultravnc.com/. (In the test case, I used ultravnc.) 9. Start up ultravnc on your Windows machine with the correct ip address of your Linux box followed by :1. 192.168.xx.xx:1 10. choose 'Connect' and enter the password you assigned earlier when prompted. 11. After a brief delay, you should begin to see your Linux desktop.

One final note: Once you restart your machine, both the iptable and vncserver startup will be lost. Also, a 'service iptables restart' will flush the rule. To make the vncserver load on bootup: 1. From a terminal: cd /etc/sysconfig/ 2. Edit 'vncservers' with vi or your preferred choice of editor To make your rule permanent: To be continued