[TriLUG] IPTABLES and XDMCP still mean to me

rasch at raschnet.com rasch at raschnet.com
Tue Sep 2 17:20:52 EDT 2003


On Tue, Sep 02, 2003 at 05:10:35PM -0400, Roy Vestal <rvestal at trilug.org> wrote:
> - I used the following lines while IPTABLES was running, but XDMCP
> didn't work:
> 
> 	/sbin/iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 6001 -j ACCEPT
> 	/sbin/iptables -A udp_inbound -p UDP -s 0/0 --destination-port 6001 -j ACCEPT
> 	/sbin/iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 177 -j ACCEPT
> 	/sbin/iptables -A udp_inbound -p UDP -s 0/0 --destination-port 177 -j ACCEPT
> 
If you are running a firewall, then these rules are getting "Appended"
(-A) to your firewall tables, and it's possible that there's a rule
higher in the tables that is dropping these packets.  

You might try -I instead of -A to ensure they make it to the top of the
list for this table.

Also, many firewall generators can be configured to log all DROP/REJECT
jumps.  Or, you can manually specify the "DROP:info" target if you're
doing the firewall yourself.  

It also seems as though you need to allow connections on port 177 to go
out, but not necessarily come in to your machine executing "X :1
-query server".

> The command I'm using to start the XDMCP connection is "X :1 -query
> servername".
> 
> According to TLDP howto, port 177 is all that I need, and Ken suggested
> opening 6001. I've done both, opened both UDP and TCP as above and to no
> avail. Any ideas?

I think XDMCP requires only 177, but the X connections which come back
require 6001 (for :1).

-David
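
An added illustration of the rule-ordering point in the message above (not part of the original post): iptables stops at the first terminating rule that matches, so an appended ACCEPT below a catch-all DROP is never reached. The `first_match` helper and both rulesets are constructed for this example; only the `udp_inbound` chain name and port 177 come from the thread.

```shell
#!/bin/sh
# first_match CHAIN PROTO DPORT   (hypothetical helper, not an iptables command)
# Reads `iptables -S`-style rules on stdin and prints "<position> <target>" for
# the first rule in CHAIN with a terminating target that a packet of PROTO to
# DPORT would hit. Simplification: only -p, --dport and -j are interpreted;
# any other match option (-s, -i, state, port ranges) is treated as matching.
first_match() {
    awk -v chain="$1" -v proto="$2" -v dport="$3" '
    $1 == "-A" && $2 == chain {
        pos++                      # position of this rule within the chain
        p = ""; d = ""; t = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") p = tolower($(i + 1))
            else if ($i == "--dport" || $i == "--destination-port") d = $(i + 1)
            else if ($i == "-j") t = $(i + 1)
        }
        if (p != "" && p != proto) next   # protocol does not match
        if (d != "" && d != dport) next   # destination port does not match
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") {
            print pos, t                  # first match wins; stop here
            exit
        }
    }'
}

# Constructed ruleset: a catch-all DROP sits above the rule added with -A.
appended='-N udp_inbound
-A udp_inbound -p udp -m udp --dport 53 -j ACCEPT
-A udp_inbound -j DROP
-A udp_inbound -p udp -m udp --dport 177 -j ACCEPT'

# Same constructed ruleset with the port 177 rule added with -I (top of chain).
inserted='-N udp_inbound
-A udp_inbound -p udp -m udp --dport 177 -j ACCEPT
-A udp_inbound -p udp -m udp --dport 53 -j ACCEPT
-A udp_inbound -j DROP'

printf '%s\n' "$appended" | first_match udp_inbound udp 177   # 2 DROP
printf '%s\n' "$inserted" | first_match udp_inbound udp 177   # 1 ACCEPT
```

On a live host the same function can read the output of `iptables -S` instead of the constructed text.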