Re: Problems with X11 traffic over ssh in pf.conf
Are you using antispoof in your pf.conf? if so, X11 forwarding will not work. carlopmart wrote: Hi all, I need to allow X11 services over ssh for my developers on one openbsd box. Rule for ssh service works ok, but when I try to start a X11 app (like xterm for example on destination host) doesn't works. On openbsd side nothing is dropped. Somebody knows how can I debug this?? Do I need to open additional ports or protocols?? Many thanks.
Re: Problems with X11 traffic over ssh in pf.conf
On Fri, Mar 23, 2007 at 08:35:19AM +0100, carlopmart wrote: > My problem is wih pf rules. If I put on pf.conf "pass all", all works ok. Did you remember to pass loopback connections?
Re: Problems with X11 traffic over ssh in pf.conf
On 3/23/07, carlopmart <[EMAIL PROTECTED]> wrote: My problem is wih pf rules. If I put on pf.conf "pass all", all works ok. Then the easiest debugging feature is doing a tcpdump on pflog0 for blocked packets. Assuming (without your pf.conf, it's hard to guess) you use a default block, add a log clause to that line. Blocked packets will then show up on tcpdump. $ sudo tcpdump -n -e -vv -ttt -i pflog0 Hope this helps, Rogier -- If you don't know where you're going, any road will get you there.
Re: Problems with X11 traffic over ssh in pf.conf
Rogier Krieger wrote: On 3/23/07, carlopmart <[EMAIL PROTECTED]> wrote: Do I need to open additional ports or protocols?? Not so much additional ports or protocols, but are you sure you enabled X11 forwarding? A few suggestions for things to check: + in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ? Yes + for the ssh client(s), did you choose to enable X11 forwarding? Yes In ssh, you can use either the -X command line option or use settings to that effect in your config file (see ssh_config(5) for more info). Hope this helps, Rogier My problem is wih pf rules. If I put on pf.conf "pass all", all works ok. -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Problems with X11 traffic over ssh in pf.conf
On 3/23/07, carlopmart <[EMAIL PROTECTED]> wrote: Do I need to open additional ports or protocols?? Not so much additional ports or protocols, but are you sure you enabled X11 forwarding? A few suggestions for things to check: + in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ? + for the ssh client(s), did you choose to enable X11 forwarding? In ssh, you can use either the -X command line option or use settings to that effect in your config file (see ssh_config(5) for more info). Hope this helps, Rogier -- If you don't know where you're going, any road will get you there.
Problems with X11 traffic over ssh in pf.conf
Hi all, I need to allow X11 services over ssh for my developers on one openbsd box. Rule for ssh service works ok, but when I try to start a X11 app (like xterm for example on destination host) doesn't works. On openbsd side nothing is dropped. Somebody knows how can I debug this?? Do I need to open additional ports or protocols?? Many thanks. -- CL Martinez carlopmart {at} gmail {d0t} com