
Re: How can I install/configure an Xproxy/Xfirewall?



on Tue, Apr 10, 2001 at 11:08:17AM +0100, Pedro Guerreiro (pmguerre@ualg.pt) wrote:
> Hello.
> 
> I'm having some trouble installing an Xproxy in my system, can someone
> give some (ANY) ideas?

What exactly do you mean by Xproxy?

If you're looking for remote X access, you're trying too hard.

> This is what I want to do: I have a COW (Cluster of Workstations) in a
> private subnet, and a gateway to connect them all to the outside world
> (in this case our Faculty net). I want to give access to the COW to
> all/some of our teachers through the gateway, using X.  As 99% of them
> are using some version of Windows (95,98,NT,2000), the connection will
> be through some X client, like X-Win32, or similar.

Not "X client", but "X server".  Specifically, your teachers are running
an X terminal emulator on their desktop(s).  Given they're running on a
less-stable Legacy MS Windows OS, I'd also suggest looking into VNC
(virtual network computer), which resolves several of the issues you're
dealing with.

> I've installed xdm on the gateway machine, and configured it to serve
> xdm through the net using XDMCP. This way the clients can connect to
> the gateway machine and the xdm login screen is shown on the client
> and allows the user to login. But this is not what I want, because I
> don't want the user to login to the gateway, but to some/any
> workstation inside the COW.

Note that "gateway" and "firewall" are distinct concepts.  A gateway is
a link between two (or more) networks.   A "firewall" is a fuzzier
concept, but is generally understood to be a system which filters TCP/IP
traffic by packet and/or protocol.  It may also masquerade systems on
one side of the firewall to either reassign their IP addresses or map
multiple systems to a single IP.

If you can ping hosts on either side of the gateway (e.g.:  you're not
masquerading many hosts to a single IP by port-masquerading), then your
problem's pretty simple.

If you're running a masquerading proxy and _can't_ resolve hosts on
one side of the gateway to the other, you need to establish a connection
from outside the gateway to host(s) inside the gateway.  I believe this
calls for VPN.  You need to make the secured network appear local to the
user's desktop.  Note that this in itself bypasses much of the benefit
of the gateway if it's acting as a firewall or masquerading proxy.

> I've played around with lbxproxy/xfwp/proxymngr and can't figure how
> they are supposed to work.

Largely irrelevant.

  - lbxproxy is the "low bandwidth X proxy".  This is used only in
    transmitting X over low-bandwidth (e.g.:  dialup) lines.

  - xfwp.  This _might_ be useful if you're trying to send X sessions
    over a firewall, but this doesn't appear to be the case.

> So this is what I want: The client (mainly using Windows) should
> connect to the COW. But between them is a gateway/firewall. How can I
> configure the gateway so that it allows the X connections to pass
> through?

My suggested solution.  Don't.

Send your X sessions over SSH.  This resolves most of the issues you're
dealing with, and adds security to boot.

MO:

  - Firewall, if any, passes ssh requests on through.

  - The gateway either provides direct IP access to hosts behind it, or
    you port-forward specified ports to specified system IPs.

  - Users initially SSH into their 'Nix system, authenticate themselves,
    then launch X service(s) to be served to their desktop.  I don't
    know of any slick ways of doing this, though I'd be surprised and
    somewhat disappointed if none of the Legacy MS Windows X server
    vendors haven't incorporated this functionality.

Cheers.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
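
The MO above written out as an OpenSSH configuration. This is an added
example, not part of the original message: it assumes an OpenSSH client on
the desktop with a local X server running, and every host name, address and
port number in it is a constructed placeholder.

```sshconfig
# ---- ~/.ssh/config on the user's desktop ----

# The gateway is the only machine reachable from the faculty network.
# No X programs run on it, so X forwarding stays off for this hop.
Host cow-gw
    HostName gateway.example.edu
    ForwardX11 no

# Case 1: the gateway relays SSH to a node in the private subnet.
# The private address only needs to be reachable from the gateway.
Host cow-node01
    HostName 192.168.1.11
    ProxyJump cow-gw
    ForwardX11 yes
    # Untrusted forwarding: remote X clients run under the X SECURITY
    # extension restrictions. Some programs fail under it; prefer fixing
    # that per host over enabling trusted forwarding everywhere.
    ForwardX11Trusted no

# Case 2: the gateway port-forwards a specified port to one node's sshd.
# HostKeyAlias keeps this node's host key separate from the gateway's
# in known_hosts, since both share the same public host name.
Host cow-node02
    HostName gateway.example.edu
    Port 2202
    HostKeyAlias cow-node02
    ForwardX11 yes
    ForwardX11Trusted no

# ---- /etc/ssh/sshd_config on each cluster node ----

# Let sshd set DISPLAY and relay X traffic inside the SSH session.
X11Forwarding yes
# Bind the forwarded display to loopback so other hosts on the subnet
# cannot connect to it.
X11UseLocalhost yes

# Usage from the desktop: "ssh cow-node01 xterm" runs xterm on the node
# and displays it on the local X server.
```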
