[TriLUG] IPTABLES and XDMCP

Ken Mink kmtrilug at nc.rr.com
Mon Aug 25 18:35:47 EDT 2003


Hey Roy,
  You might want to check on the traffic between your machine and udp
port 177. You might try adding a rule allowing incoming udp traffic
originating from port 177. You allowed outgoing; you may need to allow
the traffic back in. It is udp, so it may not qualify under the
established connections rules.
  To get it to work for me, I added the following two rules:
iptables -I RH-Lokkit-0-50-INPUT 1 -p tcp --dport 6001 -j ACCEPT   # X display :1 (tcp 6000+1)
iptables -I RH-Lokkit-0-50-INPUT 1 -p udp --sport 177 -j ACCEPT    # XDMCP replies from the xdm host

Good Luck,
Ken

On Mon, 2003-08-25 at 16:58, Roy Vestal wrote:
> Didn't work.  :( I see the listener but it's not working...
> 
> 
> 
> On Fri, 2003-08-22 at 13:43, Ken Mink wrote:
> > Hey Roy,
> >   Port 177 is the listening port of xdm on the other machine. When you
> > do the '-query :1 <your hostname>', you've told xdm to connect back to
> > your machine on port 6001. So what you'll need is
> > 
> > /sbin/iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 6001 -j ACCEPT
> > 
> > Displays start with :0 which is at port 6000 and go up from there. So
> > display :5 would be 6005. You get the idea. Since you're using :1, your
> > display is listening on port 6001. Do a 'netstat -an | grep LISTEN' and
> > you'll see it. You should also see display :0 listening on port 6000.
> > 
> > Good Luck,
> > Ken
> > 
> > On Fri, 2003-08-22 at 12:03, Roy Vestal wrote:
> > > I'm trying to set it up that I can XDMCP to my servers from my RHL 9 box
> > > while running an IPTABLES firewall on the RHL 9 box. Now, if I stop
> > > IPTABLES (/sbin/service iptables stop) I can connect using XDMCP (X :1
> > > -query server.domain.name) fine. If I start it, it doesn't allow the
> > > connection. I've tried the following while IPTABLES was started but it
> > > didn't let me out. The port according to /etc/services is 177 TCP/UDP.
> > > 
> > > /sbin/iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 177:177 -j ACCEPT
> > > 
> > > /sbin/iptables -A udp_inbound -p UDP -s 0/0 --destination-port 177:177 -j ACCEPT
> > > 
> > > What have I missed?
-- 
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."--Benjamin Franklin
" 'Necessity' is the plea for every infringement of human liberty; it
is the argument of tyrants; it is the creed of slaves."--William Pitt 
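The rule set the thread converges on, generalised to any display number and pinned to one XDM host. This is an added example, not code from the thread or from either poster: it only prints iptables commands and never runs them, the chain name INPUT and the address 192.0.2.10 are assumptions, and the display-to-port arithmetic (6000 + N) is the one Ken describes. Two points the posted rules leave open: a rule of the form "-p udp --sport 177 -j ACCEPT" with no source address admits any packet whose sender chose 177 as its source port, so the rule below is restricted to the XDM server and to replies that netfilter's connection tracking has already seen the query for (conntrack does track UDP, so a state match works for the query/reply exchange); and the X connection to display :N is opened by the XDM host, so it has to be accepted as a new inbound tcp connection.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the iptables rules needed on an
# X server host that runs "X :N -query <xdm-host>" behind a host firewall.
# Assumptions: chain INPUT; nothing here executes iptables, it only prints.

# X display :N listens on tcp/6000+N (display :0 -> 6000, :1 -> 6001, ...).
xdmcp_display_port() {
    case "$1" in
        ''|*[!0-9]*) echo "display number must be numeric: '$1'" >&2; return 1 ;;
    esac
    echo $((6000 + $1))
}

# Print the two rules for one display and one XDM server.
#   $1  display number (the N in "X :N -query ...")
#   $2  address of the XDM host (the one listening on udp/177)
xdmcp_rules() {
    display=$1
    server=$2
    port=$(xdmcp_display_port "$display") || return 1
    # XDMCP replies come from udp/177 on the server in answer to our query;
    # conntrack has seen the outgoing query, so the state match limits this
    # to real replies rather than anything that merely uses source port 177.
    echo "iptables -A INPUT -p udp -s $server --sport 177 -m state --state ESTABLISHED -j ACCEPT"
    # The X connection itself is opened by the XDM host to our display port,
    # so it arrives as a NEW inbound tcp connection and must be allowed as such.
    echo "iptables -A INPUT -p tcp -s $server --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
}

# Sample run with a constructed (RFC 5737 documentation) address.
xdmcp_rules 1 192.0.2.10
```

Pipe the output into sh once the rules look right; on a Lokkit-managed box substitute the RH-Lokkit-0-50-INPUT chain for INPUT (and use -I ... 1 rather than -A, as in Ken's lines, so the rules land ahead of the chain's default REJECT).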

