On Tue, Dec 27, 2005 at 02:43:48PM +0100, Didier Wiroth wrote:
> Hello,
> I'm running current (built a few hours ago) on a test machine.
> I'm connecting via ssh (from a windows box) and I try to launch an X
> application.
> X forwarding fails, here is a sample output:
>
> ~ $ xclock &
> [1] 10951
> [EMAIL PROTECTED]
> ~ $ Error: Can't open display: localhost:11.0
>
> Unfortunately, as you see, I'm not able to forward X11 until I disable
> pf (pfctl -d).
> After disabling pf, forwarding works well and I'm able to forward any X
> application.
>
> Did I miss something, what is my problem?
> Thank you very much
> Didier
>
> Here is the (simple) pf.conf of the ssh server:
> ext_if="bge0"
> table <friends> persist
> table <hostile> persist
>
> #OPTIONS
> set loginterface $ext_if
>
> #NORMALIZE
> scrub in on $ext_if fragment reassemble
>
> #REDIRECTING
>
> #DEFAULT BLOCK
> block log quick inet from <hostile>
> block quick inet6

you can debug this kind of stuff using tcpdump(8). try passing inet6 on lo0.

> block log (all) all
>
> pass quick on lo0
> pass in quick on $ext_if inet proto tcp from <friends> to $ext_if\
> port 22 modulate state label ssh
> pass out quick on $ext_if inet proto { tcp, udp } from $ext_if to any \
> keep state label out_traffic
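
Added example, not part of either message: a small Python model of pf's rule evaluation (last match wins, a matching "quick" rule stops evaluation) run over the loopback-relevant rules of the posted pf.conf. It assumes the X client reaches localhost over ::1, models only address family and interface, and the REORDERED list is one hypothetical way to apply the reply's suggestion.

```python
# Minimal model of pf filter evaluation: the last matching rule wins,
# except that a matching "quick" rule ends evaluation immediately.
# Simplification: only address family and interface are modelled.

def rule(action, quick=False, af=None, iface=None, text=""):
    return {"action": action, "quick": quick, "af": af,
            "iface": iface, "text": text}

def evaluate(rules, packet):
    """Return (action, rule text) for a packet; pf passes by default."""
    verdict = ("pass", "implicit default")
    for r in rules:
        if r["af"] not in (None, packet["af"]):
            continue
        if r["iface"] not in (None, packet["iface"]):
            continue
        verdict = (r["action"], r["text"])
        if r["quick"]:
            break  # quick: stop at the first matching rule
    return verdict

# Rules from the posted pf.conf that can match loopback traffic, in the
# posted order. The <hostile> and $ext_if rules are left out because
# source address and port are not modelled here.
POSTED = [
    rule("block", quick=True, af="inet6", text="block quick inet6"),
    rule("block", text="block log (all) all"),
    rule("pass", quick=True, iface="lo0", text="pass quick on lo0"),
]

# Hypothetical reordering (assumption): loopback is passed before the
# blanket inet6 block is evaluated.
REORDERED = [POSTED[2], POSTED[0], POSTED[1]]

# Constructed packets: the X client connecting to sshd's forwarding
# listener for display localhost:11, over ::1 and over 127.0.0.1.
X11_V6 = {"af": "inet6", "iface": "lo0"}
X11_V4 = {"af": "inet", "iface": "lo0"}
EXT_V6 = {"af": "inet6", "iface": "bge0"}

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for pkt in (X11_V6, X11_V4, EXT_V6):
            print(name, pkt["af"], pkt["iface"], *evaluate(rules, pkt))
```

In the posted order the inet6 loopback packet never reaches "pass quick on lo0", while inet6 arriving on bge0 stays blocked in both orderings.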