[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: port scans and X redirection
- To: lug-l@xxxxxxx
- Subject: Re: port scans and X redirection
- From: "David O. Torrey, Jr." <tj@xxxxxxx>
- Date: Tue, 26 Feb 2002 13:09:35 -0500 (EST)
For one application, it might be easier to just use ssh with X-redirection
turned on. The $DISPLAY setting is taken care of for you, and everything
should be happy.
As for forwarding ports, you'll want to forward port 6001 to the inside
machine's port 6000 (not 6001):
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 6001 -j DNAT --to 192.168.0.70:6001
should be:
$IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 6001 -j DNAT --to 192.168.0.70:6000
X is a TCP-based protocol, if that helps.
Thanks,
Dave
+------------------------------------------------------------------------+
| David Torrey Senior Systems Programmer |
| tj@xxxxxxx Center for Experimental Computation |
| (906) 487-2165 voice Michigan Technological University |
| (906) 487-2283 fax Houghton, MI 49931 |
| http://www.cec.mtu.edu/~tj/ |
+------------------------------------------------------------------------+
On Tue, 26 Feb 2002, Tim Carmean wrote:
> all i want to do is X -query snapster11.snap.mtu.edu which is the civil
> server so i can run ideas from my dorm room. i can do it fine from my
> router but the problem is my router only has a 17" screen. the machine im
> trying to X -query from is my HP Workstation running debian and kernel
> 2.4.16. this machine has a 21" monitor (fixed frequency sync on green which
> is why i dont use it on my main machine). what i tried was setting
> DISPLAY=192.168.0.70:1 (ip and port i want to use), and to my firewall
> ruleset:
>
> $IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 6001 -j DNAT --to
> 192.168.0.70:6001
>
> its probably something as simple as being tcp or something but i still get
> the error "session failed for display 192.168.0.70:1: cannot open display"
>
> all i want to do is be able to do X -query snapster11.snap.mtu.edu so i can
> run ideas from the dorm.
>
> /me wonders if anyone can provide some more insight to his problem
>
> tim carmean