[TriLUG] IPTABLES and XDMCP

Ken Mink kmtrilug at nc.rr.com
Fri Aug 22 13:43:26 EDT 2003


Hey Roy,
  Port 177 is the listening port of xdm on the other machine. When you
do the '-query :1 <your hostname>', you've told xdm to connect back to
your machine on port 6001. So what you'll need is

/sbin/iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 6001 -j ACCEPT

Displays start with :0 which is at port 6000 and go up from there. So
display :5 would be 6005. You get the idea. Since you're using :1, your
display is listening on port 6001. Do a 'netstat -an | grep LISTEN' and
you'll see it. You should also see display :0 listening on port 6000.

Good Luck,
Ken

On Fri, 2003-08-22 at 12:03, Roy Vestal wrote:
> I'm trying to set it up that I can XDMCP to my servers from my RHL 9 box
> while running an IPTABLES firewall on the RHL 9 box. Now, if I stop
> IPTABLES (/sbin/service iptables stop) I can connect using XDMCP (X :1
> -query server.domain.name) fine. If I start it, it doesn't allow the
> connection. I've tried the following while IPTABLES was started but it
> didn't let me out. The port according to /etc/services is 177 TCP/UDP.
> 
> /sbin/iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 177:177 -j ACCEPT
> 
> /sbin/iptables -A udp_inbound -p UDP -s 0/0 --destination-port 177:177 -j ACCEPT
> 
> What have I missed?
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt 
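
The display-to-port rule described in the reply above, as an added example that is not part of the original thread: a shell function that turns a display string into its TCP port and prints iptables rules limited to the XDM server's address rather than 0/0. The function names and the address 192.0.2.10 are assumptions, and the UDP rule is only needed if the firewall does not already accept replies to outbound traffic.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for one XDMCP session.
# Chain names tcp_inbound / udp_inbound come from the thread; the server
# address used below is a constructed placeholder.

# Map an X display string (":1", "host:5.0", "1") to its TCP port, 6000 + N.
x_display_port() {
    d=${1##*:}                      # drop any "host:" prefix
    d=${d%%.*}                      # drop any ".screen" suffix
    case $d in
        ''|*[!0-9]*) echo "bad display: $1" >&2; return 1 ;;
    esac
    # Strip leading zeros so the shell does not read the number as octal.
    while [ "${#d}" -gt 1 ] && [ "${d#0}" != "$d" ]; do d=${d#0}; done
    port=$((6000 + d))
    [ "$port" -le 65535 ] || { echo "display out of range: $1" >&2; return 1; }
    echo "$port"
}

# Emit rules that accept traffic from a single XDM server only.
xdmcp_rules() {
    server=$1
    port=$(x_display_port "$2") || return 1
    # Assumption: no state tracking, so the XDMCP reply from the server's
    # UDP port 177 has to be accepted explicitly.
    echo "/sbin/iptables -A udp_inbound -p UDP -s $server --source-port 177 -j ACCEPT"
    # xdm then connects back to the local X display on TCP 6000 + N.
    echo "/sbin/iptables -A tcp_inbound -p TCP -s $server --destination-port $port -j ACCEPT"
}

# Constructed sample: display :1 queried against a server at 192.0.2.10.
xdmcp_rules 192.0.2.10 :1
```

Review the printed rules before running them as root; restricting the source keeps the X display port closed to every host except the XDM server.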

