On 3/1/06, Ryan Rempel <[EMAIL PROTECTED]> wrote: > > On 2/28/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Has anyone had any experience running FreeNX in a FreeBSD Jail. It > > starts to connect then goes to connection failed, I can use XDMCP from the > > same box and everything works fine, any suggestions? Thanks in Advance. > > I've done it, so it is possible to get it to work. I can't remember now if > there were any partiuclar issues in setting it up -- one suggestion would be > to check the log files for something that might shed light.
I forgot -- there was an issue when I set this up. There is code in the nxserver, in nxcomp/Loop.cpp, that checks whether the connection is coming from an expected IP address (or something like that). What seems to happen is that it gets confused by the way that 127.0.0.1 in the jail gets translated to the jail's IP address, so it thinks they don't match. I made a patch for net/nxserver that kind of fixes the problem, but I should emphasize that this isn't a proper patch -- it just bypasses the check entirely, rather than trying to do it correctly in the jail. So it probably defeats something which contributes to security. That having been said, here's the patch: --- nxcomp/Loop.cpp.orig Sat Feb 5 14:10:48 2005 +++ nxcomp/Loop.cpp Thu Mar 2 08:15:12 2006 @@ -4567,7 +4567,8 @@ char *connectedHost = inet_ntoa(newAddr.sin_addr); unsigned int connectedPort = ntohs(newAddr.sin_port); - if (*acceptHost == '\0' || (int) newAddr.sin_addr.s_addr == acceptIPAddr) +// if (*acceptHost == '\0' || (int) newAddr.sin_addr.s_addr == acceptIPAddr) + if (1) { #if defined(INFO) || defined (TEST) *logofs << "Loop: Accepted connection from '" << connectedHost _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"