Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

allow X11 remote connection

Status
Not open for further replies.
7280

7280

MIS
Apr 29, 2003
331
IT
Hi,
my system is running Suse Linux 10.1.
I want to use my system to export a remote display.
I have disabled suse firewall:
linux:~ # /sbin/SuSEfirewall2 status
SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
SuSEfirewall2: SuSEfirewall2 not active
I have added also these entries in /etc/sysconfig/displaymanager:
DISPLAYMANAGER_REMOTE_ACCESS="yes"
DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN="yes"
Then I restarted X11.
If I run nmap on my system I see:
linux:~ # nmap localhost

Starting Nmap 4.00 ( ) at 2006-07-18 16:33 CEST
Interesting ports on localhost (127.0.0.1):
(The 1669 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
631/tcp open ipp
6000/tcp open X11

Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds

But if I run nmap from another server I don't see X11.
And if I try to run any x application remotely, eg. xclock, I recieve error:
Error: Can't open display: ip
Of course on my system I run xhost +

Please advice, thanks
Tarek
 
Sort by date Sort by votes
The first thing that I would do is to shut down the firewall and rerun your NMAP scan, just to verify that the Xserver is actually listening on the network interface and not just localhost.

Also, I would never use "xhost +" as it allows anyone to log onto your machine as root. If you need to connect to your machine from anywhere, then at least tunnel through ssh or a VPN where you can provide some form of authentication. Since it would appear that you are getting in through ssh anyway, why not tunnel it and keep port 6000 closed on your firewall?

Next, what is the DISPLAY environment variable set to when you log in remotely? You need it set to DISPLAY=remote_host:0 or whichever display on that host you are trying to connect with. You can display the variable by using "echo $DISPLAY" and you can set it using "export DISPLAY=remote_host:0" in your shell. If ssh is set up to allow tunneling of X, then the display variable is normally set on login.


pansophic
 
Upvote 0 Downvote
Hi,
thanks for your response.
As you can see from output of command "SuSEfirewall2 status" firewall is down but I still can't see port 6000 from remote host.
DISPLAY variable is already set correctly on remote host.
I did xhost+ just to be sure that this was not the problem. Usually I use xhost+ remotehost.

On my server I have two nic, but only one is configured.
If I issue ifconfig -a I see also the other nic but it's down. Can this be the problem?

Thanks,
Tarek
 
Upvote 0 Downvote
There shouldn't be a problem with the other NIC being down. If that was the problem, you couldn't ssh into the computer either (it would be a routing issue).

What does the output of "netstat -ln" and "lsof -i" look like? Does the system think that the Xserver is listening on all interfaces? Or only loopback (which is correct in most distributions).

Is there a reason that you are reluctant to simply tunnel over ssh? It is the safest method of remoting an Xsession. Otherwise all of your data passes in the clear. All you have to do is go to your /etc/ssh/sshd_config and uncomment or add the lines "X11Forwarding yes" and "X11DisplayOffset 10" and restart sshd. You have to allow X tunneling on your client as well if you are using something like putty to remote the display, but I believe all of the linux distros enable tunneling on the client by default.


pansophic
 
Upvote 0 Downvote
Hi,
netstat -ln shows for Active Internet connections:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN
tcp 0 0 :::6000 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN

lsof -i shows for listening services:
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 2168 root 3u IPv6 6585 TCP *:ssh (LISTEN)
X 2504 root 1u IPv6 7404 TCP *:6000 (LISTEN)
X 2504 root 3u IPv4 7405 TCP *:6000 (LISTEN)
cupsd 2508 lp 0r IPv4 7926 TCP *:ipp (LISTEN)

X11Forwarding is already set to yes in /etc/ssh/sshd_config.

Thanks again
 
Upvote 0 Downvote
Those both indicate that the system is listening on all interfaces, so there must be something else blocking the requests. The only things that I can think of off hand would be a firewall (either on the scanning or scanned machine, or on the network between), a port filtering router between the two machines, or some IPTables/IPChains on the scanning or scanned machines.

If you run ethereal (or tcpdump) during the scan, do you see the requests arriving at the external interface?


pansophic
 
Upvote 0 Downvote
As Pansophic recommended I would definitely tunnel using ssh, anyway you may need to enable the client as well by modifying ssh_config file and adding

ForwardX11 yes

QatQat

Life is what happens when you are making other plans.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ahm1985
  • Locked
  • Question
test internet connection failed to mail server
Replies
4
Views
211
ahm1985
ahm1985
cmayo
  • Locked
  • Question
WGET is getting my IP blocked on remote server - how to avoid rapid reconnections?
Replies
6
Views
309
cmayo
cmayo
ahm1985
  • Locked
  • Question
Remote host said: 451 Upstream SMTP server not available/
Replies
4
Views
599
ChrisHirst
ChrisHirst
omonoiatis9
  • Locked
  • Question
Tomcat connections not closed on RHEL server after failover
Replies
1
Views
150
ady2012
ady2012
audiopro
  • Locked
  • Question
Closing Connections After Image Has Loaded
Replies
0
Views
121
audiopro
audiopro

Part and Inventory Search

Sponsor

Back
Top