> Hi, > I want to run a local X client that is behind an IP-MASQ'ed network. > The server on the other side is a Sparc Station. I have already set it up > for remote access from a Win 3.11 X-Win client. > I now have a Debian X Win client, but I can't get it to work behind the > firewall. > > I have tried "ipautofw -A -r udp 177 177 -h 192.168.0.7", and the same > for tcp. I also tried "redir --debug --syslog 192.168.0.7 177 177", but > popeye (the remote), always came up with can't open display > "thomson.slip.vuw.ac.nz:0.0" > thomson.slip... is the real address of the Masq'ed machine. > 192.168.0.7 is the address of the client machine. > I have typed xhost popeye.emf.vuw.ac.nz as well. > > Thanks for any help, > > -Tim.
I've used a router with SUA NAT which is similar to IP-MASQ. Most connections work because the router takes the internal ip address/port and translates them to it's ip address/another port. Any packets coming from the external net go through the reverse translation. The problem with X is that the external net initiates the connection, so there is no reverse translation. With my router I can set one internal machine to receive all unrecognized packets, so only one machine could receive X commands from an external client (the X server is run locally, I always have to think about the client/server terms in X.) Here is the configuration: router ip address: 172.31.23.1 workstation to receive unrecognized packets: 192.168.100.7 DISPLAY variable on remote workstation: 172.31.23.1:0 Note that the DISPLAY is set to the router address, not the workstation address. I think ssh may provide a better mechanism for doing this and possibly avoid the single ip address limitation for unrecognized packets. I have ssh working locally, but it's not on all the systems at work yet. Well I just experimented with ssh some more, and I'm going to add my recommendation to all the others I've heard recently. USE SSH! IP-MASQ may have more support for looking into the packet data instead of just looking at the address. In that case, it may work better than the router for some wierd protocols which embed addressing info in the data portion of the packet and not just in the headers. Note that I think this includes CU-See-Me, videoconferencing (H.xxx), network games... -- Lee Bradshaw [EMAIL PROTECTED] (preferred) Next Level Communications [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
