Product SiteDocumentation Site

9.2.2. Connecting to VNC Server

Once the VNC server is configured, you can connect to it from any VNC viewer. In order to do so, issue the vncviewer command in the following format:
vncviewer address:port_number
Where address is an IP or host name.
Example 9.1. One Client Connecting to VNC Server
With the IP address and display number 3 the command looks as follows:
~]$ vncviewer Configuring the Firewall for VNC

When using a non-encrypted connection, firewalld might block the connection. To allow firewalld to pass the VNC packets, you can open specific ports to TCP traffic. When using the -via option, traffic is redirected over SSH which is enabled by default in firewalld.


The default port of VNC server is 5900. To reach the port through which a remote desktop will be accessible, sum the default port and the user's assigned display number. For example, for the second port: 2 + 5900 = 5902.
For displays 0 to 3, make use of firewalld's support for the VNC service by means of the service option as described below. Note that for display numbers greater than 3, the corresponding ports will have to be opened specifically as explained in Procedure 9.3, “Opening Ports in firewalld”.
Procedure 9.2. Enabling VNC Service in firewalld
  1. Run the following command to see the information concerning firewalld settings:
    ~]$ firewall-cmd --list-all
  2. To allow all VNC connections from a specific address, use a command as follows:
    ~]# firewall-cmd --add-rich-rule='rule family="ipv4" source address="" service name=vnc-server accept'
    See the Red Hat Enterprise Linux 7 Security Guide for more information on the use of firewall rich language commands.
  3. To verify the above settings, use a command as follows:
    ~]# firewall-cmd --list-all
    public (default, active)
      interfaces: bond0 bond0.192
      services: dhcpv6-client ssh
      masquerade: no
      rich rules:
    	rule family="ipv4" source address="" service name="vnc-server" accept
To open a specific port or range of ports make use of the --add-port option to the firewall-cmd command Line tool. For example, VNC display 4 requires port 5904 to be opened for TCP traffic.
Procedure 9.3. Opening Ports in firewalld
  1. To open a port for TCP traffic in the public zone, issue a command as root as follows:
    ~]# firewall-cmd --zone=public --add-port=5904/tcp
  2. To view the ports that are currently open for the public zone, issue a command as follows:
    ~]# firewall-cmd --zone=public --list-ports
A port can be removed using the firewall-cmd --zone=zone --remove-port=number/protocol command.
For more information on opening and closing ports in firewalld, see the Red Hat Enterprise Linux 7 Security Guide.