Re: [expert] xhost problem
Ok. I have problems to run InteractiveBastille. But I think (and in fact it works) we can edit /etc/Bastille/bastille-firewall.cfg, look for the line TCP_PUBLIC_SERVICES= and add the port 6000, as said Angus. Then exec /etc/init.d/bastille-firewall stop /etc/init.d/bastille-firewall start. Thanks. Salu2, Oscar. Angus Beath escribió: Hey, From what I have seen, try running InteractiveBastille from the command line. Go through the various questions until you get to this question = TCP service names or port numbers to allow on public interfaces:. For the answer, you should put any ports down which you want open to the world. For example I have ports 22 and 25 open (ssh and smtp). You might want to have port 6000 open (I think it's X11). This should allow you to successfully make X connections to your server. HTH Regards, Angus Beath -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Oscar Sent: Wednesday, 11 July 2001 8:00 AM To: [EMAIL PROTECTED] Subject: Re: [expert] xhost problem Today I have activated tiny-firewall. Here is the problem If tiny-firewall (bastille-firewall) is off, I can run x programs on my server, but if it's on, I can't. Then, the solution is: Configure correctly tiny-firewall to allow x conections (I still don't know how, help, experts!) or stop it. Salu2, Óscar. El Vie 06 Jul 2001 12:51, escribiste: Hi All, Does anyone have any suggestions as to what would stop xhost allowing incoming connections for other xserver on the same network. I do a xhost + 192.168.0.10 on the machine I am sitting at. (192.168.0.1) I then telnet to the 192.168.0.10 and in the csh, run setenv DISPLAY 192.168.0.1:0.0 and then run the program, ie: xsane for instance. Nothing then happens, if I strace the program, it sitts there waiting for a response to its connect statement, it is pointing at the correct ip address. It used to work, I have in host.allow on 192.168.0.1 the line ALL: 192.168.0.10 to allow all connections.I tried to use the tiny firewall, but each time I run it and check the hosts.* file, the hosts.* files are commented out. Is this normal. Any ideas would be appreciated. Mandrake 8.0 on celeron 466, 256 Ram kernel 2.4 Thanks. Dave
Re: [expert] xhost problem
Thanks for all your response, going to work now, will try out suggestions later. Thanks again. David. On Tuesday 10 July 2001 23:04, Aaron deRozario wrote: Going slightly O/T Is there a way of setting up dedicated X-terminals using SSH? I can see security and compression benefits over conventional X-terminals. Has anyone given it a try? Aaron -Original Message- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 10:43 AM To: DStevenson Cc: [EMAIL PROTECTED] Subject:Re: [expert] xhost problem On Tue, 10 Jul 2001, DStevenson wrote: I put the xhost 192.168.0.10 into the file as you suggested, no change in problem. I put it before the xsession command. What files are associated with the xhost system? The program xsane returns the message 'Gtk cannot open display on xyz'. The other machine can open windows in the other direction though. It is just the one machine. The way I run X programs remotely is using OpenSSH's built-in X forwarding. Under most setups, it should take no more than: ssh -l user server.foo.com Then, at the prompt: $ xsane If you echo the display on the machine you've ssh'd to, it should already have DISPLAY set to something. eg: server:12.0 That way, you not only get pain-free X forwarding, it's wrapped in an ironclad encryption. You also don't need the X ports on your workstation open to any other machines, which can be a considerable security benefit. (since X runs as root and is a large and complex program read: more likely to have a vulnerability somewhere than a small, simpler program ) To explicitly allow X support on the remote side, you may need to say: X11Forwarding yes And, using windows programs like SecureCRT, etc, the ones that do port forwarding generally have a checkbox for 'forward X11 packets' or somesuch in the port forwarding configuration section. For a unix client (the one you initiate the ssh session on) ForwardX11 yes (default in mandrake) And explicit command-line arg is -X to enable ssh forwarding. i.e., ssh -X -l user host.foo.com There are also helpful things such as Compression that ssh can do if you ask it. Compression can be useful when your systems have fast CPU's, but their network connection is not as good as you'd like. Hope this helps! -pete
Re: [expert] xhost problem
On Friday 06 July 2001 09:32, Laura Conrad wrote: tech == tech DStevenson writes: tech Does anyone have any suggestions as to what would stop xhost tech allowing incoming connections for other xserver on the same tech network. I don't know what happened, but I started having similar problems when I upgraded to Mandrake 8. My solution is to put the xhost+ commands into my .xinitrc file. I put the xhost 192.168.0.10 into the file as you suggested, no change in problem. I put it before the xsession command. What files are associated with the xhost system? The program xsane returns the message 'Gtk cannot open display on xyz'. The other machine can open windows in the other direction though. It is just the one machine. The only thing I have done is install the tiny firewall, how do you get rid of this to test. I noticed that when I setup the firewall, all the hosts files were commented out. Dave
Re: [expert] xhost problem
Today I have activated tiny-firewall. Here is the problem If tiny-firewall (bastille-firewall) is off, I can run x programs on my server, but if it's on, I can't. Then, the solution is: Configure correctly tiny-firewall to allow x conections (I still don't know how, help, experts!) or stop it. Salu2, Óscar. El Vie 06 Jul 2001 12:51, escribiste: Hi All, Does anyone have any suggestions as to what would stop xhost allowing incoming connections for other xserver on the same network. I do a xhost + 192.168.0.10 on the machine I am sitting at. (192.168.0.1) I then telnet to the 192.168.0.10 and in the csh, run setenv DISPLAY 192.168.0.1:0.0 and then run the program, ie: xsane for instance. Nothing then happens, if I strace the program, it sitts there waiting for a response to its connect statement, it is pointing at the correct ip address. It used to work, I have in host.allow on 192.168.0.1 the line ALL: 192.168.0.10 to allow all connections.I tried to use the tiny firewall, but each time I run it and check the hosts.* file, the hosts.* files are commented out. Is this normal. Any ideas would be appreciated. Mandrake 8.0 on celeron 466, 256 Ram kernel 2.4 Thanks. Dave
RE: [expert] xhost problem
Hey, From what I have seen, try running InteractiveBastille from the command line. Go through the various questions until you get to this question = TCP service names or port numbers to allow on public interfaces:. For the answer, you should put any ports down which you want open to the world. For example I have ports 22 and 25 open (ssh and smtp). You might want to have port 6000 open (I think it's X11). This should allow you to successfully make X connections to your server. HTH Regards, Angus Beath -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Oscar Sent: Wednesday, 11 July 2001 8:00 AM To: [EMAIL PROTECTED] Subject: Re: [expert] xhost problem Today I have activated tiny-firewall. Here is the problem If tiny-firewall (bastille-firewall) is off, I can run x programs on my server, but if it's on, I can't. Then, the solution is: Configure correctly tiny-firewall to allow x conections (I still don't know how, help, experts!) or stop it. Salu2, Óscar. El Vie 06 Jul 2001 12:51, escribiste: Hi All, Does anyone have any suggestions as to what would stop xhost allowing incoming connections for other xserver on the same network. I do a xhost + 192.168.0.10 on the machine I am sitting at. (192.168.0.1) I then telnet to the 192.168.0.10 and in the csh, run setenv DISPLAY 192.168.0.1:0.0 and then run the program, ie: xsane for instance. Nothing then happens, if I strace the program, it sitts there waiting for a response to its connect statement, it is pointing at the correct ip address. It used to work, I have in host.allow on 192.168.0.1 the line ALL: 192.168.0.10 to allow all connections.I tried to use the tiny firewall, but each time I run it and check the hosts.* file, the hosts.* files are commented out. Is this normal. Any ideas would be appreciated. Mandrake 8.0 on celeron 466, 256 Ram kernel 2.4 Thanks. Dave
Re: [expert] xhost problem
On Tue, 10 Jul 2001, DStevenson wrote: I put the xhost 192.168.0.10 into the file as you suggested, no change in problem. I put it before the xsession command. What files are associated with the xhost system? The program xsane returns the message 'Gtk cannot open display on xyz'. The other machine can open windows in the other direction though. It is just the one machine. The way I run X programs remotely is using OpenSSH's built-in X forwarding. Under most setups, it should take no more than: ssh -l user server.foo.com Then, at the prompt: $ xsane If you echo the display on the machine you've ssh'd to, it should already have DISPLAY set to something. eg: server:12.0 That way, you not only get pain-free X forwarding, it's wrapped in an ironclad encryption. You also don't need the X ports on your workstation open to any other machines, which can be a considerable security benefit. (since X runs as root and is a large and complex program read: more likely to have a vulnerability somewhere than a small, simpler program ) To explicitly allow X support on the remote side, you may need to say: X11Forwarding yes And, using windows programs like SecureCRT, etc, the ones that do port forwarding generally have a checkbox for 'forward X11 packets' or somesuch in the port forwarding configuration section. For a unix client (the one you initiate the ssh session on) ForwardX11 yes (default in mandrake) And explicit command-line arg is -X to enable ssh forwarding. i.e., ssh -X -l user host.foo.com There are also helpful things such as Compression that ssh can do if you ask it. Compression can be useful when your systems have fast CPU's, but their network connection is not as good as you'd like. Hope this helps! -pete
RE: [expert] xhost problem
Going slightly O/T Is there a way of setting up dedicated X-terminals using SSH? I can see security and compression benefits over conventional X-terminals. Has anyone given it a try? Aaron -Original Message- From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, July 11, 2001 10:43 AM To: DStevenson Cc: [EMAIL PROTECTED] Subject: Re: [expert] xhost problem On Tue, 10 Jul 2001, DStevenson wrote: I put the xhost 192.168.0.10 into the file as you suggested, no change in problem. I put it before the xsession command. What files are associated with the xhost system? The program xsane returns the message 'Gtk cannot open display on xyz'. The other machine can open windows in the other direction though. It is just the one machine. The way I run X programs remotely is using OpenSSH's built-in X forwarding. Under most setups, it should take no more than: ssh -l user server.foo.com Then, at the prompt: $ xsane If you echo the display on the machine you've ssh'd to, it should already have DISPLAY set to something. eg: server:12.0 That way, you not only get pain-free X forwarding, it's wrapped in an ironclad encryption. You also don't need the X ports on your workstation open to any other machines, which can be a considerable security benefit. (since X runs as root and is a large and complex program read: more likely to have a vulnerability somewhere than a small, simpler program ) To explicitly allow X support on the remote side, you may need to say: X11Forwarding yes And, using windows programs like SecureCRT, etc, the ones that do port forwarding generally have a checkbox for 'forward X11 packets' or somesuch in the port forwarding configuration section. For a unix client (the one you initiate the ssh session on) ForwardX11 yes (default in mandrake) And explicit command-line arg is -X to enable ssh forwarding. i.e., ssh -X -l user host.foo.com There are also helpful things such as Compression that ssh can do if you ask it. Compression can be useful when your systems have fast CPU's, but their network connection is not as good as you'd like. Hope this helps! -pete
Re: [expert] xhost problem
tech == tech DStevenson writes: tech Does anyone have any suggestions as to what would stop xhost tech allowing incoming connections for other xserver on the same tech network. I don't know what happened, but I started having similar problems when I upgraded to Mandrake 8. My solution is to put the xhost+ commands into my .xinitrc file. -- Laura (mailto:[EMAIL PROTECTED] , http://www.laymusic.org/ ) (617) 661-8097 fax: (801) 365-6574 233 Broadway, Cambridge, MA 02139
[expert] xhost problem
Hi All, Does anyone have any suggestions as to what would stop xhost allowing incoming connections for other xserver on the same network. I do a xhost + 192.168.0.10 on the machine I am sitting at. (192.168.0.1) I then telnet to the 192.168.0.10 and in the csh, run setenv DISPLAY 192.168.0.1:0.0 and then run the program, ie: xsane for instance. Nothing then happens, if I strace the program, it sitts there waiting for a response to its connect statement, it is pointing at the correct ip address. It used to work, I have in host.allow on 192.168.0.1 the line ALL: 192.168.0.10 to allow all connections.I tried to use the tiny firewall, but each time I run it and check the hosts.* file, the hosts.* files are commented out. Is this normal. Any ideas would be appreciated. Mandrake 8.0 on celeron 466, 256 Ram kernel 2.4 Thanks. Dave