 |
 |
Firewall and DISPLAY problems
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Feb 2003
Location: Cupertino, CA, USA
Status:
Offline
|
|
I've been having some problems getting X windows to display on my Mac. The issue is the firewall. With the firewall on, no X windows return to the Mac. With the firewall off they show up (like xclock, etc...). I'm uncomfortable running with the firewall off so what can I configure to leave the firewall on and still have X windows show up on my Mac?
For the record I do the following:
Setup:
use X11
Mac ip is dynamic
run X11
xhost + hostname
setenv DISPLAY mac-ip:0.0
telnet hostname
setenv DISPLAY mac-ip:0.0
xclock &
With the firewall off xclock shows up on the Mac as expected. With firewall on xclock runs with no errors or warnings but the display never makes it to the Mac.
Searching thru many previous posts I see the use of ipfw may be in order and possibly Brickhouse. Any tips would be appreciated.
Thanks,
Todd
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2002
Location: Portland, OR
Status:
Offline
|
|
Can you ssh into the box you are trying to run X apps from? That way they get tunneled to localhost and the firewall won't cause you any problems. This is the best solution.
Otherwise, you will need to either manually edit the firewall tables or get a utility that will do it for you. I'm not familiar with any though, so I can't make a recommendation. I'm always behind hardware firewalls so I never turn mine on.
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Status:
Offline
|
|
X-Windows generally uses port 6000-6063. Try opening those ports on your Mac to get X11 traffic back in.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Status:
Offline
|
|
kampl is right about the ports. However, if you ssh into the box instead of using telnet, you can forward your XWindows back through the ssh tunnel.
From the ssh man page:
Code:
X11 and TCP forwarding
If the ForwardX11 variable is set to ``yes'' (or, see the description of
the -X and -x options described later) and the user is using X11 (the
DISPLAY environment variable is set), the connection to the X11 display
is automatically forwarded to the remote side in such a way that any X11
programs started from the shell (or command) will go through the
encrypted channel, and the connection to the real X server will be made
from the local machine. The user should not manually set DISPLAY. For-
warding of X11 connections can be configured on the command line or in
configuration files.
The DISPLAY value set by ssh will point to the server machine, but with a
display number greater than zero. This is normal, and happens because
ssh creates a ``proxy'' X server on the server machine for forwarding the
connections over the encrypted channel.
ssh will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie, store
it in Xauthority on the server, and verify that any forwarded connections
carry this cookie and replace it by the real cookie when the connection
is opened. The real authentication cookie is never sent to the server
machine (and no cookies are sent in the plain).
|
|
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
