How to Create a FreeBSD Jail Hosting XRDP and XFCE for Remote Desktop Access
Introduction
This tutorial guides you through the process of setting up a FreeBSD jail that hosts XRDP and XFCE. This setup enables secure remote desktop access.
Prerequisites
- FreeBSD system
- Basic knowledge of FreeBSD jails using BastilleBSD
- SSH access to the FreeBSD server
Step 1: Create a New Jail with Bastille
First, we create a new jail using BastilleBSD. The following command initializes a jail named xfce with FreeBSD 14.1-RELEASE on IP 10.0.0.200:
bastille create xfce 14.1-RELEASE 10.0.0.200 bastille0
After creating the jail, modify its configuration (in a default environment, this is /usr/local/bastille/jails/xfce/jail.conf) to enable the features below. The default xrdp configuration needs an IPv6 address, so one is assigned here:
sysvshm = new;
allow.mount.procfs = 1;
ip6.addr = "fd12:3456:789a:1::1";
Step 2: Restart the Jail
Restart the jail to apply the new settings:
bastille restart xfce
Step 3: Install XRDP and XFCE
Access the jail's console, and install XRDP and XFCE:
bastille console xfce
pkg install xorg xrdp xfce
Step 4: Configure XRDP
Enable XRDP services by adding the following lines to your jail's /etc/rc.conf:
xrdp_enable="YES"
xrdp_sesman_enable="YES" # Enable if running xrdp-sesman on the same machine
Step 5: Modify the startwm script
Edit the /usr/local/etc/xrdp/startwm.sh file: uncomment exec startxfce4 to ensure XFCE is started with XRDP.
Step 6: Add a User
Create a user in the jail for remote access:
adduser
Follow the prompts to set up the user.
Step 7: Secure the Connection
Never expose the RDP port directly. Instead, use an SSH tunnel:
- Restart the jail. Establish an SSH tunnel from your local machine to the host machine of the jail, forwarding the traffic to the jail's IP address (10.0.0.200) on port 3389, which is the default port for xrdp.
- Connect to the jail using an RDP client through the tunnel.
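One way to build the tunnel described above, as an added example that is not part of the original tutorial. The jail IP and port come from the steps above; the user@host target, the local port and the script name rdp-tunnel.sh are assumptions supplied by the operator.

```sh
#!/bin/sh
# Added example: loopback-only SSH tunnel to the xrdp jail from Step 7.
# JAIL_IP and RDP_PORT come from the tutorial; the target (user@host) and
# the local port are supplied by the operator (placeholders, not page values).

JAIL_IP="10.0.0.200"   # jail address from Step 1
RDP_PORT=3389          # default xrdp port

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd USER@HOST [LOCAL_PORT]: print the ssh command for the tunnel
tunnel_cmd() {
    target=${1:-}
    lport=${2:-3389}
    case "$target" in
        # empty, option-like ("-oProxyCommand=...") or odd characters: refuse
        ''|-*|*[!A-Za-z0-9@._:-]*)
            echo "refusing target: '$target'" >&2; return 2 ;;
    esac
    valid_port "$lport" || { echo "invalid local port: $lport" >&2; return 2; }
    # -N: forwarding only, no remote shell
    # ExitOnForwardFailure=yes: abort if the local listener cannot be set up
    # 127.0.0.1 bind: other machines on the client's network cannot reach it
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$lport" "$JAIL_IP" "$RDP_PORT" "$target"
}

# Usage: sh rdp-tunnel.sh --connect user@jailhost [local_port]
if [ "${1:-}" = "--connect" ]; then
    shift
    cmd=$(tunnel_cmd "$@") || exit 2
    echo "RDP client target: 127.0.0.1:${2:-3389}" >&2
    exec $cmd   # safe to split: every field was validated above
fi
```

While the tunnel is up, point the RDP client at 127.0.0.1 and the chosen local port instead of the jail's address.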
You now have a secure, remote desktop environment using XFCE within a FreeBSD jail, accessible through an SSH tunnel. This setup is ideal for managing isolated environments or for secure, remote workspace solutions.