technopasta 05-25-2007 08:43 PM

X11 forwarding + NAT
I have the following setup - sorry, this needs a bit of explanation because it's not entirely clear in my head yet.

IP/hostname hardware router Ubuntu server, in DMZ - most ports forwarded from shu to it
horus/, amunra/, osiris/ Ubuntu desktops, behind NAT

I have an SSH account on a remote box, which supports X11 forwarding.

How would I go about forwarding remote X11 --> osiris without changing any more port forwards?

Is there some way to go remote --> anubis --> osiris? I'd rather not install X11 on anubis but I will if needed.

Thanks in advance

FMC 05-26-2007 09:55 AM

Im my opinion, you should change your hardware router to bridge mode, then you could share the internet connection with your server and in this case you could tunnel your SSH connection to do what you want to do.

Just my opinion!

[]'s, FMC!

technopasta 05-26-2007 05:54 PM

Thanks for that, bridging might be a good idea but I suspect I'd lose the use of some of the router's features (integrated ATA for VOIP). My solution after some reading up was to:

ssh to anubis with X forwarding on
start an xterm from anubis
then within xterm
ssh to remote with X forwarding on

That works but is pretty ugly ;)

Thanks again,

FMC 05-26-2007 07:18 PM

There are some ways to tunel SSH connections, but I realy could not find it to tell you right now.

If I find a "clear" solution I'll let you know!

[]'s, FMC!

jiml8 05-26-2007 07:58 PM

ssh -Y -f hostsystem xterm

This will start a graphical shell on your client system, and you can then use that shell to invoke whatever graphical program you need.

Alternatively, you can enter:

ssh -Y -f hostsystem desiredgraphicalprogram

to start the graphical program directly.

For instance:

ssh -Y -f hostsystem Xsession

will start a complete X session on the client, like what you would have if you were sitting in front of the machine.

This will work so long as your router forwards the ssh port (port 22). If you can do a normal ssh login to the remote machine and it supports X forwarding, you can do this.

jschiwal 05-26-2007 08:44 PM

One thing you could do is use a different port for ssh on osiris. This is similar to how VNC allows additional connections. It uses the next higher port for the second connection. In this case, you could have a different high number port for each machine.

technopasta 05-27-2007 04:57 AM

Thanks all. Jiml8's suggestion will be used immediately, but everyone who replied has given me stuff to do on my network!

ssh -Y -f hostsystem xterm
doesn't work on my Macbook (osiris) until I enter
export DISPLAY=localhost:0, which I thought ssh -Y was meant to do.

Sorry if I forgot to tell you one of the clients was a Mac, but I remember that the same problem on other systems so I don't think it's specific.

FMC 05-27-2007 09:00 AM

Open graphical programs using X11 forward is realy slow over the internet, you could try Freenx, I use it every day and I realy love it.

Just a tip.

[]'s, FMC!

technopasta 05-27-2007 05:52 PM

FreeNX needs to be installed on client and server right?
Seeing as I'm only a user and not an administrator on the remote box, I don't think this would be possible.

FMC 05-28-2007 06:49 AM

Thats right, I tought that you were the adm from that machine!

[]īs, FMC!

