[I decided to copy the list... there's probably others that are
interested in this.]
"Thomas J. Arseneault" wrote:
>
> Just my $.02 worth. I don't run an Xserver on my firewalls but I do add
> enough libraries so that I can remotely display X based applications back to
> a more protected host that does run an X server (also normally over an SSH
> link) and I do my admin that way. A little slower, but it works.
You may be interested in a little patch I wrote for the OpenSSH
daemon that turns nagle OFF on the server->forwarded port
TCP connection. It improves responsiveness something fierce,
at least in the environments where I've been using it.
(I _think_ X11 forwarding uses the same function call, but don't
take my word for it.)
However, one would probably also need to do the same to the
X server -> SSH client connection, for the SSH client side
socket. I haven't done that though. [1]
channels.c, line ~2340 (in 3.0.2), function connect_to():
if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0)
fatal("connect_to: F_SETFL: %s", strerror(errno));
/* BEGIN TCP_NODELAY HACK [EMAIL PROTECTED], 20020113 */
if(1) {
int on=1;
if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *) &on,
sizeof(on)) < 0)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}
/* END TCP_NODELAY HACK [EMAIL PROTECTED], 20020113 */
if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0 &&
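Review bot: The `if(1) {` wrapper around the setsockopt() call makes TCP_NODELAY unconditional for every socket connect_to() opens, with no server option to turn it off; the `if(1)` only serves to open a scope for `int on`. Consider a plain block or a small helper, gated on a configuration setting, since with Nagle disabled small writes can each go out as their own segment and not every forwarded protocol benefits from that. Logging the failure with error() rather than fatal() is the right severity, because the forward still works without the option. The `(void *)` cast on `&on` is unnecessary, and it is worth confirming that channels.c includes <netinet/tcp.h>, which defines TCP_NODELAY.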
--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
[1] I was using this to tunnel MS RDP from a windows box through
an openssh server on linux to a terminal server. Hence, I never
needed to patch the client (I didn't use it.) For me, it changed
the perceived RTTs from "56k modem" to "on the same LAN".
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls