[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: port scans and X redirection



If you disable port 6000, you will cut off the remote display of apps
*to* your machine.  Locally generated apps should still work, provided
your $DISPLAY is something like ":0.0" or "unix:0.0", and not like
"hostname:0.0" or "localhost:0.0".  I believe the latter forms use a
TCP binding, forcing traffic through your stack, and thereby through your
firewall.

You could always try it and see if it breaks anything :)


In reference to the other post about redirecting X around a router, you
ought to be able to do that with a few filter rules.  You basically want
to forward port 6000 inbound from the outside to your internal machine.
There won't be any way to get a remote X app displayed on the router from
the outside, but it sounds like you don't want to anyway.  If this isn't
what you meant, try describing it more specifically... I'm not sure what
you're looking to make "X -query" do.

Thanks,
Dave

+------------------------------------------------------------------------+
| David Torrey                     Senior Systems Programmer             |
| tj@xxxxxxx                       Center for Experimental Computation   |
| (906) 487-2165 voice             Michigan Technological University     |
| (906) 487-2283 fax                  Houghton, MI 49931                 |
| http://www.cec.mtu.edu/~tj/                                            |
+------------------------------------------------------------------------+

On Mon, 25 Feb 2002, Timothy W. Savage wrote:

> i just did a port scan on my machine, and it's telling me that my x11
> port(6000) is currently open.  i have a question, i know how to close it
> off, but should i?  will i still be able to run X locally or if i close
> it down will i not be able to run X apps across the network?
> 
> thanks
> 
> tim savage
>