[techtalk] X port

Malcolm Tredinnick malcolm at commsecure.com.au
Fri Jun 23 09:43:48 EST 2000


On Fri, Jun 23, 2000 at 09:23:01AM +1000, Jenn V. wrote:
> Adrian Glover wrote:
> > 
> > What ports does X-Windows use to transmit over TCP/IP ?
> > 
> > Does anyone know how to configure this to work on the
> > (http://edge.fireplug.net/) Fireplug edge firewall?
> 
> Do you mean 'to transmit an X-Windows session over TCP/IP'?
> Not sure. Be aware that it can be made to run under SSH, so
> you may want to poke holes there as well.

Typically, X connects on ports 6000, 6001, 6002, ... (where the number
increments for each connection). The fun thing here is that you can't
completely block off these ports, because of the way X runs even on the local
machine -- the local machine must be able to connect to those ports. So if you
are controlling the external connections, you have to ensure that you still
leave local access to those ports (trust me .. it *is* possible to mess this
up if you are me!).

The ssh part that Jenn mentioned is actually quite simple. If X-forwarding is
permitted by the ssh daemon you are connecting to, it will automatically
(automagically?) route any X-connections over the ssh connection. The daemon
knows to do this because the DISPLAY environment variable will be set on the
connecting side (which shows the daemon that you are running X). You can tell
it is being forwarded over ssh by looking at the DISPLAY variable on the remote
machine. Rather than saying something like ":0.0" (which it does on my local
machine at the moment), it will say "server:15.0" (which it does on the
machine I am writing this email on). The big number is a clue that ssh is
redirecting things (or else you have a *lot* of X displays running).

So, in setting up a firewall, if you let ssh connections through and everybody
uses ssh, then you can block off external access to, say, ports 6000 - 6010 and
everybody who can connect via ssh will have X-forwarding happening
automatically.

Cheers,
Malcolm

-- 
Malcolm Tredinnick            email: malcolm at commsecure.com.au
CommSecure Pty Ltd
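
Added example (not part of the original post): a small Python check of the DISPLAY-to-port mapping described above, plus an audit of listening sockets to show which X ports a firewall still has to cover. The display offset of 10 (OpenSSH's default X11DisplayOffset), the 6000-6063 audit range, and the sample listener addresses are assumptions constructed for illustration.

```python
import re

# DISPLAY has the form [host]:display[.screen]; display N uses TCP port 6000+N.
DISPLAY_RE = re.compile(r"^(?P<host>[^:]*):(?P<num>\d+)(?:\.(?P<screen>\d+))?$")
X_BASE_PORT = 6000
SSH_OFFSET = 10  # assumption: OpenSSH's default X11DisplayOffset

def parse_display(value):
    """Return (host, display number, TCP port) for a DISPLAY string."""
    m = DISPLAY_RE.match(value)
    if not m:
        raise ValueError("not a DISPLAY value: %r" % value)
    num = int(m.group("num"))
    return m.group("host"), num, X_BASE_PORT + num

def looks_forwarded(value):
    """Heuristic from the post: a host part plus a 'big' display number."""
    host, num, _ = parse_display(value)
    return host not in ("", "unix") and num >= SSH_OFFSET

def audit_listeners(lines, lo=6000, hi=6063):
    """Classify 'addr:port' listeners that fall inside the X port range.

    Loopback listeners are what local clients and ssh forwarding need;
    anything else is reachable from the network unless a firewall blocks it.
    """
    findings = []
    for line in lines:
        addr, _, port = line.strip().rpartition(":")
        if not port.isdigit() or not lo <= int(port) <= hi:
            continue
        addr = addr.strip("[]")
        local = addr.startswith("127.") or addr in ("::1", "localhost")
        scope = "loopback-only" if local else "network-reachable"
        findings.append((int(port), int(port) - X_BASE_PORT, scope))
    return findings

# Constructed sample, in the 'address:port' shape printed by socket listings.
SAMPLE = ["0.0.0.0:6000", "127.0.0.1:6010", "[::1]:6010",
          "0.0.0.0:22", "192.168.1.5:6001"]

if __name__ == "__main__":
    for d in (":0.0", "server:15.0"):
        print(d, parse_display(d), "forwarded" if looks_forwarded(d) else "direct")
    for port, display, scope in audit_listeners(SAMPLE):
        print("port %d (display :%d) %s" % (port, display, scope))
```

Entries reported as network-reachable are the ones the firewall rule for external access needs to cover; loopback-only entries must stay reachable from the local machine.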




