X11 forwarding and iptables question
John Sellens
jsellens-Iv5KO+h6AVB+Y12zHexnB0EOCMrvLtNR at public.gmane.org
Fri Nov 26 23:24:21 UTC 2010
If X apps work for you locally, then they should also work with X11
forwarding over ssh, unless you have very strange iptables settings
(e.g. rules on lo0/127.0.0.1/localhost).
Check the remote end's sshd_config file to make sure that X11Forwarding
is allowed. My sshd_config(5) man page says that the default is no.
Check your DISPLAY environment variable in your ssh session (via echo
$DISPLAY). Ssh should set it to something like localhost:10.0 if
forwarding is working.
Check that the remote end has an xauth(1) command.
See if verbose ssh (with -v) tells you anything interesting.
Hope that helps!
John
| I recently locked down my ports using some iptables rules to DROP all INPUT
| and FORWARD packets and then accept only on certain ports.
|
| My most of my stuff is working as expected except for X11 forwarding (ie. by
| logging in with ssh -X and running stuff like xclock).
|
| I noticed that ports 177 and 6000:6007 are X11 related. I opened these up on
| the INPUT chain but X11 forwarding still doesn't work.
|
| What iptable rule should I be invoking to allow X11 forwarding?
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list