
Re: Using X behind IP-MASQ



> Hi,
> I want to run a local X client that is behind an IP-MASQ'ed network.
> The server on the other side is a Sparc Station. I have already set it up 
> for remote access from a Win 3.11 X-Win client.
> I now have a Debian X Win client, but I can't get it to work behind the
> firewall.
> 
> I have tried "ipautofw  -A -r udp 177 177 -h 192.168.0.7", and the same
> for tcp. I also tried "redir --debug --syslog 192.168.0.7 177 177", but
> popeye (the remote), always came up with can't open display
> "thomson.slip.vuw.ac.nz:0.0"
> thomson.slip... is the real address of the Masq'ed machine.
> 192.168.0.7 is the address of the client machine.
> I have typed xhost popeye.emf.vuw.ac.nz as well.
> 
> Thanks for any help,
> 
> -Tim.

I've used a router with SUA NAT which is similar to IP-MASQ.  Most
connections work because the router takes the internal ip address/port
and translates them to its ip address/another port.  Any packets coming
from the external net go through the reverse translation.  The problem
with X is that the external net initiates the connection, so there is
no reverse translation.  With my router I can set one internal machine
to receive all unrecognized packets, so only one machine could receive
X commands from an external client (the X server is run locally, I
always have to think about the client/server terms in X.)  Here is the
configuration:

router ip address:                           172.31.23.1
workstation to receive unrecognized packets: 192.168.100.7
DISPLAY variable on remote workstation:      172.31.23.1:0

Note that the DISPLAY is set to the router address, not the workstation
address.  I think ssh may provide a better mechanism for doing this
and possibly avoid the single ip address limitation for unrecognized
packets.  I have ssh working locally, but it's not on all the systems at
work yet.

Well I just experimented with ssh some more, and I'm going to add my
recommendation to all the others I've heard recently.  USE SSH!

IP-MASQ may have more support for looking into the packet data instead
of just looking at the address.  In that case, it may work better than
the router for some weird protocols which embed addressing info in the
data portion of the packet and not just in the headers.  Note that
I think this includes CU-See-Me, videoconferencing (H.xxx), network
games...

-- 
Lee Bradshaw                 lee.bradshaw@mindspring.com (preferred)
Next Level Communications    bradshaw@nlc.com
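
Added example, not part of the original message: a toy Python model of the translation table described in the reply, showing why an inbound X connection finds no mapping and what a default host for unrecognized packets changes. The addresses are those in the message; the class and function names and the ports 61000 and 1025 are constructed for illustration.

```python
# Toy model of a masquerading NAT (illustration only, not router code).

X11_BASE_PORT = 6000  # X display :N listens on TCP 6000+N


def display_to_port(display):
    """Return the TCP port for a DISPLAY value such as '172.31.23.1:0'."""
    number = display.rsplit(":", 1)[1].split(".")[0]  # drop optional screen
    return X11_BASE_PORT + int(number)


class MasqRouter:
    def __init__(self, public_ip, default_host=None):
        self.public_ip = public_ip
        self.default_host = default_host  # host for unrecognized packets
        self.table = {}                   # public port -> (inside ip, port)
        self.next_port = 61000            # constructed masquerade port range

    def outbound(self, src_ip, src_port):
        """Inside host opens a connection: allocate a public port mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (src_ip, src_port)
        return self.public_ip, public_port

    def inbound(self, dst_port):
        """Packet arrives at the public address: where is it delivered?"""
        if dst_port in self.table:        # reply to a masqueraded connection
            return self.table[dst_port]
        if self.default_host:             # no mapping: hand to default host
            return self.default_host, dst_port
        return None                       # no mapping, no default: dropped


def demo():
    x_port = display_to_port("172.31.23.1:0")
    plain = MasqRouter("172.31.23.1")
    with_default = MasqRouter("172.31.23.1", default_host="192.168.100.7")
    _, public_port = plain.outbound("192.168.100.7", 1025)
    return {
        "x_port": x_port,
        "reply": plain.inbound(public_port),
        "x_without_default": plain.inbound(x_port),
        "x_with_default": with_default.inbound(x_port),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With a default host set, every unmapped inbound packet reaches that workstation, so its X server is exposed to the external network and depends on xhost access control. X forwarding over ssh carries the X traffic inside the connection the inside machine opened, so no inbound mapping is needed.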
