Re: SOLVED: Xorg listening on the WAN? (was Xorg listening on the WAN?)
# look like: # XTerminalName:0 foreign # :0 local /usr/local/bin/X -nolisten tcp :0 If there's batter way of doing this, please would someone let me know. this is the right way if you use xdm. similar settings are in kdm and gdm possible. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Xorg listening on the WAN?
FreeBSD 9.0-RELEASE I think Xorg is listening on external addresses: $ sockstat -46 |grep Xorg root Xorg 1573 1 tcp6 *:6000*:* root Xorg 1573 3 tcp4 *:6000*:* $ netstat -a|grep x11 tcp4 0 0 *.x11 *.*LISTEN tcp6 0 0 *.x11 *.*LISTEN I'm new to FreeBSD, but if I interpret this correctly, x11 is listening for connections on port 6000 for connections from any IPv4 or IPv6 address. I don't think I'm in any immediate danger, as I am behind a router which will block incoming connection attempts, which (virtually) all seem to be on the http port (80) anyway. But it would give me a warm fuzzy feeling to stop x11 listening externally at all - I don't think I need it. How can I go about that please? In case it makes a difference, I am using XDM with standard LXDE. I do not use startx to initiate my sessions. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
El día Monday, June 25, 2012 a las 06:58:25PM +, Walter Hurry escribió: $ netstat -a|grep x11 tcp4 0 0 *.x11 *.*LISTEN tcp6 0 0 *.x11 *.*LISTEN I'm new to FreeBSD, but if I interpret this correctly, x11 is listening for connections on port 6000 for connections from any IPv4 or IPv6 address. I don't think I'm in any immediate danger, as I am behind a router which will block incoming connection attempts, which (virtually) all seem to be on the http port (80) anyway. But it would give me a warm fuzzy feeling to stop x11 listening externally at all - I don't think I need it. How can I go about that please? $ man Xorg | col -b | fgrep -- -nolisten HIH matthias -- Matthias Apitz e g...@unixarea.de - w http://www.unixarea.de/ UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote: $ man Xorg | col -b | fgrep -- -nolisten Thanks for the pointer. I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where? As far as I can see, XDM invokes /usr/local/lib/X11/xdm/Xsession, which seems to do little more than call $HOME/.xsession. This last runs /usr/ local/bin/startlxde, which in turn invokes /usr/local/bin/lxsession (a binary). I have looked at 'man lxsession' and found it of little help. So I'm rather lost. Can you amplify a little? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
El día Monday, June 25, 2012 a las 07:51:02PM +, Walter Hurry escribió: On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote: $ man Xorg | col -b | fgrep -- -nolisten Thanks for the pointer. I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where? $ cat ~/.xserverrc exec X -nolisten tcp -retro HIH matthias -- Matthias Apitz e g...@unixarea.de - w http://www.unixarea.de/ UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
El día Monday, June 25, 2012 a las 09:58:37PM +0200, Matthias Apitz escribió: El día Monday, June 25, 2012 a las 07:51:02PM +, Walter Hurry escribió: On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote: $ man Xorg | col -b | fgrep -- -nolisten Thanks for the pointer. I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where? $ cat ~/.xserverrc exec X -nolisten tcp -retro sorry, it took me some time to remember where the pointer is: $ man xinit | col -b | fgrep xserverrc matthias -- Matthias Apitz e g...@unixarea.de - w http://www.unixarea.de/ UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370) UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
On Mon, 25 Jun 2012 22:05:50 +0200, Matthias Apitz wrote: El día Monday, June 25, 2012 a las 09:58:37PM +0200, Matthias Apitz escribió: El día Monday, June 25, 2012 a las 07:51:02PM +, Walter Hurry escribió: On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote: $ man Xorg | col -b | fgrep -- -nolisten Thanks for the pointer. I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where? $ cat ~/.xserverrc exec X -nolisten tcp -retro sorry, it took me some time to remember where the pointer is: $ man xinit | col -b | fgrep xserverrc Thanks again for your assistance. I didn't have a $HOME/.xserverrc, so I created one with your contents (permissions 744). It doesn't seem to have made any difference at all, though. After restart, I am still getting the same output from netstat and sockstat. So I'm still in the dark. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
SOLVED: Xorg listening on the WAN? (was Xorg listening on the WAN?)
On Mon, 25 Jun 2012 20:33:15 +, Walter Hurry wrote: On Mon, 25 Jun 2012 22:05:50 +0200, Matthias Apitz wrote: El día Monday, June 25, 2012 a las 09:58:37PM +0200, Matthias Apitz escribió: El día Monday, June 25, 2012 a las 07:51:02PM +, Walter Hurry escribió: On Mon, 25 Jun 2012 21:22:57 +0200, Matthias Apitz wrote: $ man Xorg | col -b | fgrep -- -nolisten Thanks for the pointer. I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where? $ cat ~/.xserverrc exec X -nolisten tcp -retro sorry, it took me some time to remember where the pointer is: $ man xinit | col -b | fgrep xserverrc Thanks again for your assistance. I didn't have a $HOME/.xserverrc, so I created one with your contents (permissions 744). It doesn't seem to have made any difference at all, though. After restart, I am still getting the same output from netstat and sockstat. So I'm still in the dark. Of course! Looking back at the output from sockstat in my original post, X is running under root, so no amount of tinkering with files in $HOME is going to change anything. So I looked into XDM's configuration files in /usr/local/lib/X11/xdm, and found what change did the trick: $ cat /usr/local/lib/X11/xdm/Xservers # # Xservers file, workstation prototype # # This file should contain an entry to start the server on the # local display; if you have more than one display (not screen), # you can add entries to the list (one per line). If you also # have some X terminals connected which do not support XDMCP, # you can add them here as well. Each X terminal line should # look like: # XTerminalName:0 foreign # :0 local /usr/local/bin/X -nolisten tcp :0 If there's batter way of doing this, please would someone let me know. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
Xorg -nolisten tcp to disable at all to disable wan only use firewall On Mon, 25 Jun 2012, Walter Hurry wrote: FreeBSD 9.0-RELEASE I think Xorg is listening on external addresses: $ sockstat -46 |grep Xorg root Xorg 1573 1 tcp6 *:6000*:* root Xorg 1573 3 tcp4 *:6000*:* $ netstat -a|grep x11 tcp4 0 0 *.x11 *.*LISTEN tcp6 0 0 *.x11 *.*LISTEN I'm new to FreeBSD, but if I interpret this correctly, x11 is listening for connections on port 6000 for connections from any IPv4 or IPv6 address. I don't think I'm in any immediate danger, as I am behind a router which will block incoming connection attempts, which (virtually) all seem to be on the http port (80) anyway. But it would give me a warm fuzzy feeling to stop x11 listening externally at all - I don't think I need it. How can I go about that please? In case it makes a difference, I am using XDM with standard LXDE. I do not use startx to initiate my sessions. Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Xorg listening on the WAN?
I'm probably being stupid here, and I should have mentioned that I had already tried 'man Xorg' and 'man Xsession'. I appreciate that the answer is probably to put '-nolisten tcp' somewhere, but where? As far as I can see, XDM invokes /usr/local/lib/X11/xdm/Xsession, which at Xservers file seems to do little more than call $HOME/.xsession. This last runs /usr/ local/bin/startlxde, which in turn invokes /usr/local/bin/lxsession (a binary). I have looked at 'man lxsession' and found it of little help. So I'm rather lost. Can you amplify a little? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org