I'm in the local network inside a NAT system. How can I connect to the remote host?

Owned by Support
May 21, 2018
2 min read

To run a remote X program, your IP address should be a public one that can be reached from the remote host because a remote program tries to connect to your local PC.


If your PC is located inside the firewall or NAT and the Unix host is located outside, X applications cannot connect to the Xmanager running on your PC.


There are two solutions on this situation:

  • By using SSH connection
  • By configuring port forwarding rules on the NAT system



SSH connection

In case of using SSH connection, you do not have to configure other options. It establishes a secure tunnel between PC and Unix, so we recommend that you use SSH protocol if the Unix server supports it.


Secure XDMCP is a new feature that will change how people access their remote hosts. Learn how to obtain CDE or GNOME/KDE environment under the NAT environment using Secure XDMCP. 

Tutorial Link


To start an X application through SSH protocol, please go through the following steps:

  1. Run Xstart in the Xmanager folder.
  2. Select SSH for Protocol.
  3. Enter username, password, hostname, etc.
  4. Fill the Execution Commnad box as following:
    /usr/bin/X11/xterm -ls
    * Note that -display option is absent. SSH server will assign a proper value.

  5. Click Save and Run button.
  6. The Xstart will automatically run Xmanager and then execute the remote command.
  7. In the command prompt of xterm window, execute startkde for KDE, gnome-session for Gnome or Xsession for CDE.
    * Please refer to the following link to find out more commands for starting each UNIX/Linux desktop environment:


FAQ Link

Port forwarding rules on the NAT System

To use port forwarding, you should forward the port 6000 of NAT system to the port 6000 of your PC. In case of multiple local users, you can do the following steps:

(NAT, 6001) -> (PC1, 6000)
(NAT, 6002) -> (PC2, 6000)
. . .
(NAT, 6009) -> (PC9, 6000)

To make XDMCP connection, you need to setup proxy options in the session properties. (*The following instruction is for the PC1.)

  1. Create a new XDMCP session in Xmanager.
  2. Open the session properties and select 'Use following connection address' in the Proxy area of the General tab.
  3. In the Host text box, type the IP addreass of the NAT server.
  4. In the Port Number text box, type the port number you have assigned in the NAT system for your PC. (6001 for the PC1)
  5. Clear 'Allocate display number automatically' in the Display Number area of the X Server tab.
  6. Type the remaining number when subtracting 6000 from the port number in the step 4 above. (1 for the PC1)

For connections using Xstart, each user has to enter "-display" option as following:

PC1: /usr/bin/X11/xterm -ls -display $NATsystem:1
PC2: /usr/bin/X11/xterm -ls -display $NATsystem:2
. . .
PC9: /usr/bin/X11/xterm -ls -display $NATsystem:9

If I'm inside a firewall using IP Masquerading, how can I connect to external Linux/Unix hosts? (ex. kernel 2.2)

Run the following command as a root on your firewall server.

# ipmasqadm portfw -a -P tcp -L FIREWALL_ADDRESS 6001 -R PC_ADDRESS 6000


Run Xstart program and enter the following command at Command field.

/usr/bin/X11/xterm -ls -display FIREWALL_ADDRESS:1.0


Be sure that, firewall_address and PC_address have been changed to the corresponding IP addresses on your own network. If you do not have ipmasqadm tool, please download from the following site:
http://www.e-infomax.com/ipmasq/juanjox/