From: Ronan Waide (waider at domain waider.ie)
Date: Tue 09 Jul 2002 - 22:02:39 IST
On July 9, johngay at domain eircom.net said:
> I'm not aware of having set-up any firewalling on my box, it's just a mixed
> bag of Debian from Progeny upto unstable. I have SmoothWall running on a
> seperate box for my dialup, so I just don't worry about security on the local
> side of things.
And there you've lost me :) I'm a RedHat zealot, you see.
> So, How, specifically, can I enable X to connect? I am guessing that port
> 6000 must be opened up somehow? Also, I remember various things about X
> having it's own protection from outside connections, but I don't remember
> where? I've been through this before when my Daughters first PC was a 486
> running just an X server and connecting to my box using X -query 192.168.1.1,
> but that was many years ago.
>
Mmmm. That vaguely rings a bell. There is, I think, a way to tell X
not to listen on anything other than the local interface. Here's a
quick check:
Container-Box > netstat -ant | grep LISTEN | grep 6000
(The 6000 is X display 0, btw)
If that comes back without displaying an entry for 0.0.0.0, that's
your culprit. Being a zealot, I automatically assumed you were running
RedHat ;) If your X server is not listening on 0.0.0.0, you can only
connect to it from the local server. Looking at the X command-line
options, I see "-nolisten string" which tells the server not to bother
listening with a given protocol, which may well be how your server is
configured. The other option, if 0.0.0.0 /is/ displayed in the list
above, is that some sort of iptables/ipchains stuff is blocking access
to the port. Investigating these further I'm going to have to leave to
you, because I'm not familiar with how these things are done in debian
or progeny. I will suggest the following: kill your X session on
Container-Box, and restart it manually like so:
Container-Box> X
That will start a raw X session with no window manager, and more
importantly no command line switches. Flip back to a VT and check if
the server is now listening on 0.0.0.0. If it is, yay, you've found
your problem. If it's not, you're gonna have to go digging in the X
config. If this /is/ your problem, you're going to have to track down
the scripts used to start X (startx, xinit) and find out which one is
adding in the relevant disabling command.
And that's about all the help I can give you without breaking into
your box :)
> Thanks again for all the help for the clueless ;)
Hey, I get a chance to show off my l33t sk1llz, or something. *cough*
> Cheers,
> John Gay
Cheers,
Waider.
-- waider at domain waider.ie / Yes, it /is/ very personal of me. "Simple: crypto derives from the word meaning "lie", so when the boss asks about the crypto stuff, lie through your teeth." - Lockhart
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:17:47 GMT