xhost+ (wireshark saw network packets exchange), but still cannot display error
 

Hi all,

1) I got 2 VMs running linux centos 6.5 in my office remotely.

2) With vsphere client, i logined to the individual console for vmNode1, and vmNode2.

3) Both nodes are on the same subnet, and can be ping from one another

4) Both nodes have their iptables turn off

5) Both nodes have x11-apps installed and i can run xclock before i change the $DISPLAY variable value.

-----------

nodeA ip = 192.168.123.243
nodeB ip = 192.168.123.233

1) Now, with nodeA as server, i done an xhost+ due to desperation to disable control list access.

2) with nodeB, i issue this command
export DISPLAY=192.168.123.243:0.0

3) within nodeB terminal, i done a xclock expecting the clock to be showing in nodeA, but have this error "Can't open Display:192.168.123.243:0.0"

4) within nodeA terminal, i ssh to node B and issue a xclock expecting the clock to be showing in nodeA, but still having the same error.

5) wireshark running on both nodes shows sending and receiving of the following message below


577 487.305938000 192.168.123.133 192.168.123.143 TCP 74 41530 > x11 [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=31909316 TSecr=0
WS=128

578 487.306376000 192.168.123.143 192.168.123.133 TCP 60 x11 > 41530 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

-----------------------

Q1) Not really sure what it meant, but the xServer (nodeA) seems to be resetting the connection ? (is RST reset ?)

Q2) Is my concept correct ? nodeA = Xserver nodeB = client

(nodeB) client set display to point to Xserver(nodeA)

Q3) or am i, on my local pc running the vsphere client's 2 consoles to see my nodeA and nodeB being the Xserver ??? (dont make sense to me).

Please advise!

Regards,
Noob!

Unless you made special exceptions, the firewall will reject the connection.

Second, even with the exceptions, X servers do not permit TCP connections with also first enabling them in the X server.

Network connections are well known to be insecure - passwords sent in the clear, non-encrypted connections...

Use ssh to forward connections.

Hi jpollard,

I have turn off iptables on both side and both nodes are in the same network, so how is the firewall (where) going to block any traffic ?

I have also turn off access list for Xserver by issuing xhost+, so what's wrong ?

Regards,
Noob

what remains is that the X server doesn't support TCP connections.

SSh works better. Use it.

jpollard, short but useful replies.

i have enabled TCP in the schema config and now it works ;)
Just wanna prove that my understanding is correct :)

Thanks

Correct but incomplete - xhost + allows anybody to connect and do anything they want. It totally disables any security.