On 3/1/06, Ryan Rempel <[EMAIL PROTECTED]> wrote:
>
> On 2/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Has anyone had any experience running FreeNX in a FreeBSD Jail. It
> > starts to connect then goes to connection failed, I can use XDMCP from the
> > same box and everything works fine, any suggestions? Thanks in Advance.
>
> I've done it, so it is possible to get it to work. I can't remember now if
> there were any partiuclar issues in setting it up -- one suggestion would be
> to check the log files for something that might shed light.
I forgot -- there was an issue when I set this up. There is code in
the nxserver, in nxcomp/Loop.cpp, that checks whether the connection
is coming from an expected IP address (or something like that). What
seems to happen is that it gets confused by the way that 127.0.0.1 in
the jail gets translated to the jail's IP address, so it thinks they
don't match.
I made a patch for net/nxserver that kind of fixes the problem, but I
should emphasize that this isn't a proper patch -- it just bypasses
the check entirely, rather than trying to do it correctly in the jail.
So it probably defeats something which contributes to security. That
having been said, here's the patch:
--- nxcomp/Loop.cpp.orig Sat Feb 5 14:10:48 2005
+++ nxcomp/Loop.cpp Thu Mar 2 08:15:12 2006
@@ -4567,7 +4567,8 @@
char *connectedHost = inet_ntoa(newAddr.sin_addr);
unsigned int connectedPort = ntohs(newAddr.sin_port);
- if (*acceptHost == '\0' || (int) newAddr.sin_addr.s_addr == acceptIPAddr)
+// if (*acceptHost == '\0' || (int) newAddr.sin_addr.s_addr == acceptIPAddr)
+ if (1)
{
#if defined(INFO) || defined (TEST)
*logofs << "Loop: Accepted connection from '" << connectedHost
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
