Problems with X11 traffic over ssh in pf.conf
Hi all,
I need to allow X11 services over ssh for my developers on one openbsd box.
Rule for ssh service works ok, but when I try to start a X11 app (like xterm for
example on destination host) doesn't works.
On openbsd side nothing is dropped. Somebody knows how can I debug this?? Do I
need to open additional ports or protocols??
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Re: Problems with X11 traffic over ssh in pf.conf
On 3/23/07, carlopmart [EMAIL PROTECTED] wrote: Do I need to open additional ports or protocols?? Not so much additional ports or protocols, but are you sure you enabled X11 forwarding? A few suggestions for things to check: + in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ? + for the ssh client(s), did you choose to enable X11 forwarding? In ssh, you can use either the -X command line option or use settings to that effect in your config file (see ssh_config(5) for more info). Hope this helps, Rogier -- If you don't know where you're going, any road will get you there.
Re: Problems with X11 traffic over ssh in pf.conf
Rogier Krieger wrote:
On 3/23/07, carlopmart [EMAIL PROTECTED] wrote:
Do I need to open additional ports or protocols??
Not so much additional ports or protocols, but are you sure you
enabled X11 forwarding?
A few suggestions for things to check:
+ in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ?
Yes
+ for the ssh client(s), did you choose to enable X11 forwarding?
Yes
In ssh, you can use either the -X command line option or use settings
to that effect in your config file (see ssh_config(5) for more info).
Hope this helps,
Rogier
My problem is wih pf rules. If I put on pf.conf pass all, all works ok.
--
CL Martinez
carlopmart {at} gmail {d0t} com
Re: Problems with X11 traffic over ssh in pf.conf
On 3/23/07, carlopmart [EMAIL PROTECTED] wrote: My problem is wih pf rules. If I put on pf.conf pass all, all works ok. Then the easiest debugging feature is doing a tcpdump on pflog0 for blocked packets. Assuming (without your pf.conf, it's hard to guess) you use a default block, add a log clause to that line. Blocked packets will then show up on tcpdump. $ sudo tcpdump -n -e -vv -ttt -i pflog0 Hope this helps, Rogier -- If you don't know where you're going, any road will get you there.
Re: Problems with X11 traffic over ssh in pf.conf
On Fri, Mar 23, 2007 at 08:35:19AM +0100, carlopmart wrote: My problem is wih pf rules. If I put on pf.conf pass all, all works ok. Did you remember to pass loopback connections?
Re: Problems with X11 traffic over ssh in pf.conf
Are you using antispoof in your pf.conf? if so, X11 forwarding will not work. carlopmart wrote: Hi all, I need to allow X11 services over ssh for my developers on one openbsd box. Rule for ssh service works ok, but when I try to start a X11 app (like xterm for example on destination host) doesn't works. On openbsd side nothing is dropped. Somebody knows how can I debug this?? Do I need to open additional ports or protocols?? Many thanks.
