Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


Old 01-24-2005, 02:01 PM   #1
Registered: Feb 2003
Location: Utah, USA
Distribution: Red Hat EL/CentOS, Ubuntu/Debian
Posts: 113

Rep: Reputation: 15
Question Firewall/NAT issues with X-Server w/ SSH forwarding

Hi Folks,

I've got a client who wants some help with some of their Unix boxes and although I've done some limited testing with SSH access to local Linux boxes, I'm hoping someone can help me with firewall and NAT issues (firewall at the client end; NAT between Internet and my LAN).

Besides the port 22 for SSH, is there more to it than that? When I run an X-Server against my Fedora and Red Hat boxes, I use XDMCP and that uses a number of ports, I believe. If I connect and use the X Forwarding setting on the SSH client then start xterm, it seems like the SSH stack is handling all the traffic (routing it to the right ports). I really need to be able to tell the client's IT folks what ports they need to open through the firewall for my IP address and so forth. And, if there's configuration I need to do on my NAT setup, I need to know what that would be.

(A side question, am I better off just using an XDMCP with an XDM authorization file? But that still leaves all the traffic after authentication/authorization open to snooping, right?)

The product I'm using is WinAxe+ which appears to do SSH forwarding on my local environment without too much fuss. Their web site and on-line help has some (to me at least!) pretty obscure stuff about how this is supposed to work (the info's all spread out and not in a cookbook form).

At any rate, here's some stuff that might apply:

You can set up ports that specifically take traffic coming from a local port and direct it to a given port on the remote machine (and vice-versa), but then it says things like this about a checkbox labeled X Forwarding:

"This check box specifies whether X11 connections will be automatically redirected over the secure channel. This feature allows X Window traffic between the X server and X client (forwarding X Window packets through the SSH session) to be encrypted."

Now, this seems to work (as far as I can tell for stuff inside my LAN)--I haven't got an entire GUI environment to start up in the X-Server, but that's another post.

In another place, I find this:

"enable the Use SSH Forwarding check box. In the SSH1/SSH2 mode, the "Dynamic Port Forwarding" feature of the Telnet_SSH/SSH1 or Telnet_SSH/SSH2 Client and XServer will automatically be used, so you need not set up any port forwarding manually."

So, maybe I don't need any forwarding? The SSH client on my local box and the SSH server on the other end are handling it for me...?

Anyone out there who knows anything about this mess?


Old 01-25-2005, 12:51 AM   #2
Registered: May 2004
Location: Frisco, TX
Distribution: Debian Unstable
Posts: 73

Rep: Reputation: 15
If I am reading right you are just trying to get an x-app forwarded to your local x-server? If that's right then all you need to do is enable x-forwarding in ssh. You can do it by using the -X switch when you ssh.
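
Added example, not part of either post: `ssh -X` only takes effect when the remote sshd permits X11 forwarding, and the server settings also decide whether the X11 proxy listens on loopback (so the only firewall port involved is the SSH port) or on a routable address. The sketch below reads those settings from an `sshd_config`; the function names and the sample file are constructed for illustration, and the defaults used (X11Forwarding no, X11UseLocalhost yes, X11DisplayOffset 10) are OpenSSH's documented defaults.

```shell
#!/bin/sh
# sshd_effective KEYWORD DEFAULT FILE
# Prints the effective global value of KEYWORD (hypothetical helper).
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
sshd_effective() {
    awk -v key="$1" -v def="$2" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                      # comment line
        { sub(/=/, " ") }                        # accept "Keyword=value"
        tolower($1) == "match" { exit }          # end of global section
        tolower($1) == key { val = tolower($2); exit }  # first one wins
        END { print val }
    ' "$3"
}

# x11_report FILE: one-line summary of what ssh -X will do on this server.
x11_report() {
    fwd=$(sshd_effective X11Forwarding no "$1")
    loc=$(sshd_effective X11UseLocalhost yes "$1")
    off=$(sshd_effective X11DisplayOffset 10 "$1")
    if [ "$fwd" != yes ]; then
        echo "X11 forwarding disabled: ssh -X will not set DISPLAY"
    elif [ "$loc" = yes ]; then
        echo "X11 tunnelled in SSH; proxy on loopback, DISPLAY=localhost:$off.0 or higher"
    else
        echo "X11 tunnelled in SSH; proxy on wildcard address, TCP $((6000 + off)) and up"
    fi
}

# Constructed sample configuration (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
x11forwarding yes
X11Forwarding no
Match User guest
    X11Forwarding no
    X11UseLocalhost no
EOF

x11_report "$sample"
```

On a real server, point `x11_report` at `/etc/ssh/sshd_config`; after logging in with `ssh -X`, `echo $DISPLAY` on the remote side should show the loopback proxy display.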

