Hi,

I am running a Mandrake Linux 9.0 with shoreline firewall. This machine is running with dual network cards. My public interface eth0 has a static ip address. I also have a Sun Solaris 9 machine in the private network. I am accessing a public machine from Sun box using ssh. When I try to run x-application over ssh, I am getting an error. Following is the error message:

Error: Can't open display: xxx.xxx.xxx.xx:0.0 <- this is the address assigned to my public interface(eth0) on the firewall

So I went ahead and added a rule in shorewall to forward ssh sessions from the public network to my Sun Box, still no luck.

Any help would be greatly appreciated.

--
Ubaidul Khan
Wayne State University Library Systems
(313)577-4008

Ubaidul Khan wrote:
> Hi,
>
> I am running a Mandrake Linux 9.0 with shoreline firewall. This machine
> is running with dual network cards. My public interface eth0 has a
> static ip address. I also have a Sun Solaris 9 machine in the private
> network. I am accessing a public machine from Sun box using ssh. When
> I try to run x-application over ssh, I am getting an error. Following
> is the error message:
>
> Error: Can't open display: xxx.xxx.xxx.xx:0.0 <- this is the address
> assigned to my public interface(eth0) on the firewall
>

This is an ssh problem -- not a Shorewall problem.

When you log into the public machine, what does your environment look like? Typically when you log into a remote system with X installed, you will see something like:

[teastep@ursa teastep]$ env | grep DISPLAY
DISPLAY=localhost:10.0
[teastep@ursa teastep]$

So SSHD on the remote system is listening on port 6010 and is forwarding that port to port 6000 on your client system (in this case, your Sun box). So when you run xterm, xterm should try to open localhost:10.0 (port 6010) - in particular, it should not try to open interface 0.0 (port 6000) on the client system directly. Note that because of masquerading, the sshd perceived the client system to be your firewall rather than your Sun system.

The above happens automatically with Linux ssh and sshd -- YMMV.

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Hope this helps

1. make sure X forwarding is allowed by SSHD(server)
2. use " ssh -X user@host " to tell ssh to do X forwarding

Once the terminal is connected try running xterm or something.

> Ubaidul Khan wrote:
>> Hi,
>>
>> I am running a Mandrake Linux 9.0 with shoreline firewall. This
>> machine is running with dual network cards. My public interface eth0
>> has a static ip address. I also have a Sun Solaris 9 machine in the
>> private network. I am accessing a public machine from Sun box using
>> ssh. When I try to run x-application over ssh, I am getting an error.
>> Following is the error message:
>>
>> Error: Can't open display: xxx.xxx.xxx.xx:0.0 <- this is the address
>> assigned to my public interface(eth0) on the firewall
>>
>
> This is an ssh problem -- not a Shorewall problem.
>
> When you log into the public machine, what does your environment look
> like? Typically when you log into a remote system with X installed, you
> will see something like:
>
> [teastep@ursa teastep]$ env | grep DISPLAY
> DISPLAY=localhost:10.0
> [teastep@ursa teastep]$
>
> So SSHD on the remote system is listening on port 6010 and is forwarding
> that port to port 6000 on your client system (in this case, your Sun
> box). So when you run xterm, xterm should try to open localhost:10.0
> (port 6010) - in particular, it should not try to open interface 0.0
> (port 6000) on the client system directly. Note that because of
> masquerading, the sshd perceived the client system to be your firewall
> rather than your Sun system.
>
> The above happens automatically with Linux ssh and sshd -- YMMV.
>
> -Tom
> --
> Tom Eastep     \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924 \ teastep@shorewall.net
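
An added example, not written by any poster in this thread: a shell function that classifies a DISPLAY value using the port arithmetic described in the replies (display N is TCP port 6000+N, and sshd's proxy displays appear as localhost:N). The function name `classify_display` and the threshold of 10 (OpenSSH's default X11DisplayOffset) are assumptions of this example.

```shell
#!/bin/sh
# Added example. X display N is served on TCP port 6000+N; sshd's proxy
# displays sit on localhost starting at X11DisplayOffset (assumed 10, the
# OpenSSH default).

# classify_display VALUE  ->  prints "<kind> <tcp-port or ->"
classify_display() {
    value=$1
    if [ -z "$value" ]; then
        echo "unset -"              # ssh did not set up X forwarding
        return 0
    fi
    host=${value%:*}                # text before the last ':'
    rest=${value##*:}               # "N" or "N.S"
    num=${rest%%.*}                 # display number, screen dropped
    case $value in *:*) ;; *) num= ;; esac   # no ':' means not a display
    case $num in
        ''|*[!0-9]*) echo "invalid -"; return 0 ;;
    esac
    port=$((6000 + num))
    case $host in
        '') echo "local-socket -" ;;
        localhost|127.0.0.1)
            if [ "$num" -ge 10 ]; then
                echo "ssh-forwarded $port"   # tunnelled inside the ssh session
            else
                echo "local-tcp $port"
            fi ;;
        *)  echo "direct-tcp $port" ;;       # cleartext X11 straight to host
    esac
}

# Constructed samples: the two values discussed in the thread, plus edge cases.
for sample in "localhost:10.0" "xxx.xxx.xxx.xx:0.0" ":0" ""; do
    printf '%-22s -> %s\n' "DISPLAY=$sample" "$(classify_display "$sample")"
done
```

A `direct-tcp` result on the remote host, as in the original error message, means X clients would bypass the ssh tunnel and connect to port 6000 on the address sshd sees; reconnecting with `ssh -X` so that sshd sets DISPLAY itself is the fix the replies point to, rather than a firewall rule.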