On Fri, 23 Jun 2000, Malcolm Tredinnick wrote:
> On Fri, Jun 23, 2000 at 09:23:01AM +1000, Jenn V. wrote:
> > Adrian Glover wrote:
> > >
> > > What ports does X-Windows use to transmit over TCP/IP ?
> > >
> > > Does anyone know how to configure this to work on the
> > > (http://edge.fireplug.net/) Fireplug edge firewall?
> >
> > Do you mean 'to transmit an X-Windows session over TCP/IP'?
> > Not sure. Be aware that it can be made to run under SSH, so
> > you may want to poke holes there as well.
>
> Typically, X connects on ports 6000, 6001, 6002, ... (where the number
> increments for each connection). The fun thing here is that you can't
> completely block off these ports, because of the way X runs even on the local
> machine -- the local machine must be able to connect to those ports. So if you
> are controlling the external connections, you have to ensure that you still
> leave local access to those ports (trust me .. it *is* possible to mess this
> up if you are me!).

Not quite. Local connections (as in "DISPLAY=:n", where n is your display
number) go through local (UNIX) sockets, so they are not affected by IP
firewalling. Here (XFree86-3.3.6), the sockets are in /tmp/.X11-unix/Xn.
If you want to mess up X by firewalling, you'd have to set the DISPLAY to
something like "localhost:n".
---- 8< ----
nils@wombat:~> su -c 'ipchains -L input'
Password:
Chain input (policy ACCEPT):
target prot opt source destination ports
REJECT tcp ----l- anywhere anywhere any -> 6000
nils@wombat:~> DISPLAY=localhost:0 xhost
_X11TransSocketINETConnect: Can't connect: errno = 111
_X11TransSocketINETConnect: Can't connect: errno = 111
_X11TransSocketINETConnect: Can't connect: errno = 111
_X11TransSocketINETConnect: Can't connect: errno = 111
_X11TransSocketINETConnect: Can't connect: errno = 111
_X11TransSocketINETConnect: Can't connect: errno = 111
xhost: unable to open display "localhost:0"
nils@wombat:~> DISPLAY=:0 xhost
access control enabled, only authorized clients can connect
---- >8 ----
Nils
--
Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg // +49.7152.209647
[EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
The use of COBOL cripples the mind; its teaching should, therefore, be
regarded as a criminal offence. -- Edsger W. Dijkstra
_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
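
The DISPLAY-to-transport mapping described in the message above, as an added example that is not part of the original post: it resolves a DISPLAY string to either the UNIX socket path or the TCP port 6000+n and checks it against a set of rejected ports like the one in the ipchains listing. The function names are hypothetical, and the mapping assumes the behaviour the post reports for XFree86-3.3.6; other X libraries may resolve host names differently.

```python
import re

X11_TCP_BASE = 6000                 # display n listens on TCP port 6000 + n
X11_UNIX_DIR = "/tmp/.X11-unix"     # socket directory named in the post

# host:display[.screen]; the host part may be empty (assumed grammar, IPv4/names only)
_DISPLAY_RE = re.compile(r"^(?P<host>[^:]*):(?P<display>\d+)(?:\.(?P<screen>\d+))?$")


def resolve_display(value):
    """Map a DISPLAY string to the transport an X client would use."""
    m = _DISPLAY_RE.match(value)
    if m is None:
        raise ValueError(f"not a host:display[.screen] string: {value!r}")
    host, n = m.group("host"), int(m.group("display"))
    if host in ("", "unix"):
        # No host part: UNIX-domain socket, never seen by an IP packet filter.
        return {"transport": "unix", "endpoint": f"{X11_UNIX_DIR}/X{n}",
                "ip_filtered": False}
    # Any other host part, including "localhost", means a TCP connection.
    return {"transport": "tcp", "endpoint": (host, X11_TCP_BASE + n),
            "ip_filtered": True}


def blocked_by(value, rejected_tcp_ports):
    """True if rejecting these destination TCP ports stops this client."""
    target = resolve_display(value)
    return target["ip_filtered"] and target["endpoint"][1] in rejected_tcp_ports


if __name__ == "__main__":
    rejected = {6000}   # the single REJECT rule from the ipchains listing
    # Constructed sample DISPLAY values.
    for display in (":0", "localhost:0", "localhost:1", "unix:0"):
        print(f"{display:12} -> {resolve_display(display)} "
              f"blocked={blocked_by(display, rejected)}")
```

Rejecting only port 6000 leaves display 1 and above reachable over TCP, so a filter meant to keep remote clients off X has to cover the port for every display in use.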