
Re: Help setting DISPLAY to an ipmasq'd machine.



Yes, you're doing it wrong. 

1.) You don't need two ssh sessions; just one, from xserver_machine to
work_linux_box:
	ssh -C -X work_linux_box from xserver_machine

2.) When you set the display to ipmasq_box:0.0, you're asking the remote
host to display X apps on the main display of your ipmasq_box - which,
luckily, your ipmasq_box refuses to do. What you want to do is route X
packets through your ssh tunnel. Most ssh servers set $DISPLAY
appropriately, so before doing the export DISPLAY part, do:

echo $DISPLAY

DISPLAY should contain the name of the *remote* host, followed by a colon,
then x.0 where x>1. Mine contains:

aperrin@achebe:~$ ssh -X isis.unc.edu
aperrin@login2 ~ >echo $DISPLAY
login2.isis.unc.edu:11.0

If you don't get that, I'm not entirely sure how to figure out which
display will tunnel for you (the 11.0 in this case). Maybe others can help
there.


The theory is this: you open a connection from your firewalled machine to
your work machine. You do this in a secure way, using ssh, that is
permitted by both firewalls. You then use this secure channel to funnel X
packets through. X client apps on your work box "display" to a dummy
server on the same machine, so far as they know. That dummy server,
though, catches the packets and sends them over the pre-existing ssh
tunnel to your xserver_machine, where your ssh client grabs them back and
sends them to xserver_machine's local X server.

Hope this helps.
 
----------------------------------------------------------------------
Andrew J Perrin - andrew_perrin@unc.edu - http://www.unc.edu/~aperrin
    Asst Professor of Sociology, U of North Carolina, Chapel Hill
      269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA
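
The DISPLAY check described in the reply above, as an added example that is not part of the original message: a POSIX shell function that tells an sshd proxy display apart from a direct TCP display. It assumes OpenSSH's default X11DisplayOffset of 10; the function name classify_display is hypothetical.

```shell
#!/bin/sh
# Added example: classify a DISPLAY value before starting X clients.
# Assumption: sshd hands out proxy displays starting at X11DisplayOffset
# (10 by default in OpenSSH); a lower number on a named host is treated
# as a direct, unencrypted TCP connection to a real X server.

X11_BASE_PORT=6000   # X over TCP uses port 6000 + display number

# classify_display DISPLAY [OFFSET]
# Prints: invalid | local-socket | ssh-proxy HOST N PORT | direct-tcp HOST N PORT
classify_display() {
    disp=$1
    offset=${2:-10}

    case $disp in
        *:*) ;;
        *) echo invalid; return 1 ;;
    esac

    host=${disp%:*}          # everything before the last colon
    rest=${disp##*:}         # "11.0" or "11"
    num=${rest%%.*}          # display number without the screen part

    case $num in
        ''|*[!0-9]*) echo invalid; return 1 ;;
    esac
    while [ "${num#0}" != "$num" ] && [ -n "${num#0}" ]; do num=${num#0}; done

    # Empty host or "unix" means a local Unix-domain socket, no TCP involved.
    case $host in
        ''|unix) echo local-socket; return 0 ;;
    esac

    port=$((X11_BASE_PORT + num))
    if [ "$num" -ge "$offset" ]; then
        echo "ssh-proxy $host $num $port"
    else
        echo "direct-tcp $host $num $port"
    fi
}

# Constructed sample values: the two DISPLAY settings seen in this thread.
for d in login2.isis.unc.edu:11.0 ipmasq_box:0.0; do
    classify_display "$d"
done
```

A display number at or above the offset only suggests an sshd proxy; a direct-tcp result means the X client would try to connect to the printed port on that host outside the ssh tunnel.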


On Fri, 8 Jun 2001 maillst@bellsouth.net wrote:

> OK, I just tried this:
> 
>   ssh -C -X ipmasq_box from work_linux_box
>   ssh -C -X xserver_box from ipmasq_box (same session as above)
> 
>   In a new work_linux_box session: export DISPLAY=ipmasq_box:0.0
>     xterm &
> 
>   I get:
> _X11TransSocketINETConnect: Can't connect: errno = 111
> xterm Xt error: Can't open display: ipmasq_box:0.0
> 
>   If I run xterm from xserver_box, the xterm is displayed on work_linux_box.
> 
>   Am I doing this wrong?  Also, does ipmasq_box need to be running an xserver?  Right now it does not, but it has most if not all of the xserver stuff on it.
> 
> Thanks,
> 
> maillst
> On Fri, Jun 08, 2001 at 11:26:04AM -0500, Andrew Perrin wrote:
> > It's non-trivial, since under the X protocol the socket will be
> > initialized by work_linux_box, which means you need some way to tell
> > ipmasq_machine to forward those packets to xserver_machine. You could do
> > this with a specific ipchains rule for that situation, assuming you want
> > *all* X packets coming from work_linux_box to be routed to
> > xserver_machine; you'd have to forward all packets coming from x.x.x.x on
> > whatever port X comes in on to xserver_machine.
> > 
> > There's an easier way, though, which is what I generally do in a similar
> > situation: open an ssh session from xserver_machine to work_linux_box:
> > 
> > ssh -C -X work_linux_box
> > 
> > then, once logged in via ssh, make sure your DISPLAY variable is set
> > correctly (most ssh servers do this right- it should be
> > work_linux_box:x.0, where x > 0).  work_linux_box is now sending X packets
> > to itself on a different X display, which is caught by ssh and tunnelled
> > to xserver_machine.
> > 
> > Hope this helps.
> > 
> > ----------------------------------------------------------------------
> > Andrew J Perrin - andrew_perrin@unc.edu - http://www.unc.edu/~aperrin
> >     Asst Professor of Sociology, U of North Carolina, Chapel Hill
> >       269 Hamilton Hall, CB#3210, Chapel Hill, NC 27599-3210 USA
> > 
> > 
> > On Fri, 8 Jun 2001 maillst@bellsouth.net wrote:
> > 
> > > I need some help figuring out how to set the display variable to a machine that is being ipmasq'd on my network.
> > > 
> > > Here is what I have:
> > > 
> > > Xserver_machine (192.168.1.3)
> > >   	|
> > > 	|
> > > IPMasq_Machine (192.168.1.1 on internal network)
> > > 	|      (x.x.x.x on internet)
> > >   ------------
> > >   | Internet |
> > >   ------------
> > > 	|
> > > Company_Firewall (y.y.y.y on internet)
> > > 	|        (10.a.b.c on company lan)
> > > Work_linux_box   (10.d.e.f)
> > > 
> > > I want to set the DISPLAY variable on work_linux_box to display on Xserver_machine to assist me doing off hours support.  It will be difficult to get the company to modify the firewall.
> > > 
> > > So, is this possible to do?  If so, what exactly do I need to do on the linux side.  I do have it setup that I can ssh from work_linux_box to ipmasq_machine and from there to anywhere on the 192.168 lan.  So I have that much connectivity setup.
> > > 
> > > Thanks for any help, and feel free to ask if more information is needed (the real internet ip's will NOT be supplied to help prevent attacks against me or my work).
> > > 
> > > Thanks,
> > > 
> > > maillst
> > > 
> > > 
> > > -- 
> > > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> > > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > > 
> > > 
> > 
> > 
> > 
> 
> 
> 
> 


