Wouldn't it be more straightforward and secure to use ssh XWindows
tunneling? Direct XWindows connections are not known to be particularly
secure.
If you are sitting behind the LEAF box on a workstation, you can just ssh
to the host you want to run software on from an xterm, and start an X
program there and interact with it on your screen (X server). You _might_
have to use the "-X" option when you start the ssh session, but as long as
you haven't blocked outgoing ssh, you should not need to alter your
firewall at all... ssh handles it very effectively.
If you are sitting at the box otherwhere, and want to run software on a
box behind your leaf box, you just have to open and forward tcp port 22
from your LEAF firewall to that box using the rules file:
DNAT net:128.x.x.x loc:192.168.x.x tcp 22
If the box you are connecting to doesn't have ssh, you probably ought to
think twice about letting it make _any_ connections back to your system,
because the sysadmin is not managing that system responsibly, and there
could be software monitoring your terminal for passwords while you work.
On Mon, 2 Dec 2002, Troy Aden wrote:
> I am attempting to translate an IPTABLES rule from another firewall into
> shorewall.
> Can someone please show me how I need to enter this rule into the
> /etc/shorewall/rules file?
>
> # X-Windows forwarding
> iptables -A PREROUTING -t nat -s 128.x.x.x -d ${OUTSIDE_IP} -j DNAT --to
> 192.168.x.x
> iptables -A FORWARD -d 192.168.x.x -o ${INSIDE_DEVICE} -j ACCEPT
>
> This rule works. But I am not sure how to enter this with the proper syntax
> into the Shorewall rules file.
> Can someone please show me how the rule should be entered?
>
> The 128.x.x.x is an external machine and the 192.168.x.x is an internal
> machine.
>
> The above rules looks to me like it is allowing all connections between
> these two machines.
>
> Thanks in advance.
>
>
> Troy Aden
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Get the new Palm Tungsten T
> handheld. Power & Color in a compact size!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
