Masquerade and X

Post by André Cormea » Tue, 19 Oct 1999 04:00:00



Has anyone been able to get an xterm
working through a masqueraded firewall?
I get the following error starting xterm
on the outside of the firewall:

_X11TransSocketINETConnect: Can't
connect: errno = 111
xterm Xt error: Can't open display: %s

Is the protocol used by xterm
incompatible with private LAN IP# ?
Any hope to get this working?

Suggestions welcome!
Thanks

 
 
 

Masquerade and X

Post by Cowles, Stev » Tue, 19 Oct 1999 04:00:00


I display xterms to my NT Workstation which is behind my masq'd linux box all the time. I
use XWin32 as the X server on my NT box. Also, I use "ipmasqadm" to masq/port forward
packets through firewall (external to internal). You will need to download/compile/install
ipmasqadm package to use my example below. I have not tried rinetd, but it should
accomplish the same thing as ipmasqadm.

Good Luck
Steve Cowles

Example Information:
NT Box (X Server) IP address=192.168.9.21
External (registered) IP address of Linux Box=200.200.200.200
IP Address to invoke xterm (back to NT box) =100.100.100.100

Step 1:
Add the following commands (to rc.firewall in my case) to masq/port forward... port 6000
through linux box to internal NT box (or X Server). Also, if you are currently "blocking"
port 6000 using ipchains (I do) on your external interface, you will need to un-block port
6000 to allow the following to work!

/sbin/modprobe ip_masq_portfw
ipmasqadm portfw -a -P tcp -L 200.200.200.200 6000  -R 192.168.9.21 6000

Step 2:
Add the external host that is going to be allowed to display xterm session back to X
Server on internal LAN. Using my example, add host 100.100.100.100. On a linux box, type:
xhost +100.100.100.100. Using Xwin32, this is accomplished through a dialog box.
Accomplishes the same thing.

Step 3:
Telnet or SSH (whatever) to IP address 100.100.100.100 and login

Step 4:
Export DISPLAY variable back to external IP address of masq'd Linux box. Using my example:
export DISPLAY=200.200.200.200:0

Step 5:
Invoke xterm session, type:
xterm &

That's it... I'm still working on getting XDMCP queries through my linux box so that I can
run Gnome, KDE, etc... So far my initial attempts have not been successful.


> Has anyone been able to get an xterm
> working through a masqueraded firewall?
> I get the following error starting xterm
> on the outside of the firewall:

> _X11TransSocketINETConnect: Can't
> connect: errno = 111
> xterm Xt error: Can't open display: %s

> Is the protocol used by xterm
> incompatible with private LAN IP# ?
> Any hope to get this working?

> Suggestions welcome!
> Thanks


 
 
 

Masquerade and X

Post by Maziar Ra » Wed, 20 Oct 1999 04:00:00


I too have this problem, however I have found two solutions (haven't tried
either one though).
1) you can use dxpc (http://ccwf.cc.utexas.edu/~zvonler/dxpc/)
2) if your remote machine has ssh installed then that's the solution (use
ssh)
3) you can portmap X through your masqueraded machine. Read the IPCHAIN
howto's.

Let me know if it works. I'm probably going to try the first (seems the
easiest).


> Has anyone been able to get an xterm
> working through a masqueraded firewall?
> I get the following error starting xterm
> on the outside of the firewall:

> _X11TransSocketINETConnect: Can't
> connect: errno = 111
> xterm Xt error: Can't open display: %s

> Is the protocol used by xterm
> incompatible with private LAN IP# ?
> Any hope to get this working?

> Suggestions welcome!
> Thanks

 
 
 

Masquerade and X

Post by John Hardi » Wed, 20 Oct 1999 04:00:00



>Has anyone been able to get an xterm
>working through a masqueraded firewall?
>I get the following error starting xterm
>on the outside of the firewall:

>_X11TransSocketINETConnect: Can't
>connect: errno = 111
>xterm Xt error: Can't open display: %s

>Is the protocol used by xterm
>incompatible with private LAN IP# ?
>Any hope to get this working?

Sure, but it'll be a huge security hole.

I recommend you use ssh to connect to the system outside the firewall.
ssh will take care of automatically forwarding the X session over the
encrypted tunnel.

--

 pgpk -a finger://gonzo.wolfenet.com/jhardin    PGP key ID: 0x41EA94F5
 PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
  In the Lion
  the Mighty Lion
  the Zebra sleeps tonight...
  Dee de-ee-ee-ee-ee de de de we um umma way!
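
Added example, not part of the original thread: a shell check that classifies a DISPLAY value by the transport it implies, contrasting the port-forward setup from Step 4 (DISPLAY=200.200.200.200:0, plain TCP to port 6000) with an ssh-forwarded display. The function names and the sample value localhost:10.0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify an X11 DISPLAY value by transport.
# TCP display N listens on port 6000+N, which is why the thread forwards port 6000.

classify_display() {
    d=$1
    case $d in
        *:*) ;;                          # must contain the host/display separator
        *)   echo "invalid"; return 0 ;;
    esac
    host=${d%:*}                         # text before the last ':'
    rest=${d##*:}                        # "N" or "N.S" (display.screen)
    num=${rest%%.*}
    case $num in
        ''|*[!0-9]*|0?*) echo "invalid"; return 0 ;;   # empty, non-numeric, leading zero
    esac
    case $host in
        ''|unix)
            echo "local-socket" ;;                     # Unix-domain socket, never on the wire
        localhost|127.0.0.1)
            echo "loopback-tcp $((6000 + num))" ;;     # e.g. a display set up by ssh X forwarding
        *)
            echo "remote-tcp $((6000 + num))" ;;       # unencrypted X11 to another host
    esac
}

# Exit status 0 when X11 traffic would cross the network in the clear.
display_is_cleartext() {
    case $(classify_display "$1") in
        remote-tcp*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed sample values: Step 4's address, an assumed ssh-forwarded display, a local one.
for sample in "200.200.200.200:0" "localhost:10.0" ":0"; do
    printf '%-20s %s\n' "$sample" "$(classify_display "$sample")"
done
```

Running display_is_cleartext "$DISPLAY" in a login script gives a quick signal that a session is using a direct TCP display rather than a tunnelled or local one.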