Thursday, August 02, 2012

X11 over firewall


I did a quick study on running X11 across a firewall and found two ways to do it.
1. X11 forwarding. The SSH server must support X11 forwarding, either by default or by configuration, on the various Unix-like platforms.
2. Open port 6000 to our laptops (using static IPs) that run the X server. The network team has to open this port on all servers to those laptops that need to run X Window.
The following links may help.
http://forums.vandyke.com/showthread.php?t=322

Testing showed that to run an X11 application from the UNIX server on our PC, only TCP port 6000 needs to be opened, i.e.:
The source IP is the UNIX server where we invoke xclock.
The destination IP is our PC, e.g. 10.84.100.24
Port number: TCP 6000
 

"Yes, in a nutshell. If you can connect via SSH, and your SSH server on the Unix side allows X11 port forwarding, then you can tunnel the X display back to your PC. NAT does matter in this case, since you are already connected.

Be sure *not* to set your DISPLAY variable after logon to the target server, and allow SSH to do it for you."



http://www.cyberciti.biz/tips/iptables-block-remote-x-window-server-connection.html

http://www.linux-tip.net/cms/content/view/302/26/


Here is the X11 forwarding setting in PuTTY.


Similarly, when using the OpenSSH client in Cygwin, DISPLAY must be exported before invoking the ssh command, e.g.

$ export DISPLAY=localhost:0

liqy@MP04ISLLIQY ~
$ ssh -X -l oracle dev07

Otherwise, you may encounter the error below.


dev07:B.11:TESTDB:/software/oracle> xclock                                                             
connect /tmp/.X11-unix/X0: No such file or directory
X connection to 10.132.90.1:11.0 broken (explicit kill or server shutdown).


Here are two sessions logged on to the same server, 10.132.90.1. Note that the values of DISPLAY set by X11 forwarding are different: 10.132.90.1:10.0 and 10.132.90.1:12.0
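
As an added example (not part of the original post), the shell functions below parse a DISPLAY value, report the TCP port it maps to (6000 plus the display number), and guess whether it is a proxy display created by sshd, which needs no extra firewall rule. The function names are hypothetical, and the threshold of 10 assumes sshd's default X11DisplayOffset.

```shell
#!/bin/sh
# Added example: interpret DISPLAY values such as those shown in this post.
# Assumption: sshd uses its default X11DisplayOffset of 10, so display
# numbers >= 10 are treated as SSH-forwarded (a heuristic, not a guarantee).
SSH_X11_OFFSET=10

# Print the display number N from "host:N" or "host:N.S".
x11_display_number() {
    case $1 in *:*) ;; *) return 1 ;; esac   # must contain a colon
    rest=${1##*:}                            # e.g. "10.0"
    num=${rest%%.*}                          # drop optional ".screen"
    case $num in
        ''|*[!0-9]*|0[0-9]*) return 1 ;;     # empty, non-numeric, leading zero
    esac
    printf '%s\n' "$num"
}

# Print the TCP port an X client would connect to: 6000 + N.
x11_display_port() {
    n=$(x11_display_number "$1") || return 1
    printf '%s\n' $((6000 + n))
}

# Classify a DISPLAY value: local-socket, ssh-forwarded, direct-tcp, invalid.
x11_display_kind() {
    n=$(x11_display_number "$1") || { echo invalid; return 1; }
    host=${1%:*}
    if [ -z "$host" ] || [ "$host" = unix ]; then
        echo local-socket       # Unix-domain socket, no TCP involved
    elif [ "$n" -ge "$SSH_X11_OFFSET" ]; then
        echo ssh-forwarded      # sshd proxy display; rides the SSH session
    else
        echo direct-tcp         # firewall must allow server -> PC on this port
    fi
}

# Sample values taken from this post, plus ":0" (constructed).
for d in 10.84.100.24:0 10.132.90.1:10.0 10.132.90.1:12.0 localhost:0 :0; do
    printf '%-18s port=%s kind=%s\n' "$d" \
        "$(x11_display_port "$d")" "$(x11_display_kind "$d")"
done
```

A `direct-tcp` result for a remote host is the case that requires the port 6000 firewall opening described in option 2; an `ssh-forwarded` result means the traffic is carried inside the existing SSH connection.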