
iptables: how to open HPUX X11 protocol

 
Miguel Cuesta
Advisor

Hello.

I'm using RedHat 7.1 with iptables, and it's the firewall between my LAN and the Internet.

I was able to open a 'telnet' connection, and succeeded in connecting to an external server.

But I want to export the display of the remote server to my machine, and use X11 and CDE... what protocols must I open???

Best regards and thank you very much.
5 REPLIES
Jeff Schussele
Honored Contributor

Re: iptables: how to open HPUX X11 protocol

Hi Miguel,

Be VERY, VERY careful if you do do this. X11 can be easily exploited if the security is not set correctly. If you do decide to open the FW to X11 I would strongly suggest you also implement OpenSSH - see the following URL for OpenSSH:

http://www.openssh.com/security.html

Here also is a link to X11 security issues on iss.net:

http://www.iss.net/security_center/search.php?type=2&pattern=X11

Make sure you have ALL current RedHat updates dealing with X11 security before implementing this.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Jeff Schussele
Honored Contributor

Re: iptables: how to open HPUX X11 protocol

Miguel,

There have been many advisories issued for HP-UX X11/Motif vulnerabilities - here's a link to a few from ciac.org:

http://www.ciac.org/cgi-bin/index/bulletins?h

Here's some from fedcirc.gov

http://www2.fedcirc.gov/alerts/advisories_1997.html

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Miguel Cuesta
Advisor

Re: iptables: how to open HPUX X11 protocol

Hello.

Firstly, thank you for answering me.

1) Which port must I open to allow X11 to cross my firewall?

2) How is SSH implemented over X11?

Best regards.

Re: iptables: how to open HPUX X11 protocol

1) Port 6000 on the client

2) Actually, X11 is implemented over SSH. It's a bit tricky, but lsof will give you all the details. Basically, SSH sets the DISPLAY variable to localhost:10.0, or some other sensible offset from 0 (this is on the ssh server). Listening on that display is a file/socket descriptor that simply redirects the X11 data down the already established SSH connection. The SSH client on the other end takes care of the rest and displays the X11 stuff. It's obviously a little more involved than this, but this is a start. If you look at your sshd_config file, you'll notice a bunch of X11Forwarding stuff. That can enable/disable the forwarding, so it's something to look at if you can't get the forwarding to work. Anyway, I hope this works. Good luck.
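
The sshd_config settings mentioned in the reply above decide whether forwarding is on and which TCP port (6000 + display number) the sshd X11 proxy listens on. The script below is an added example, not part of the original thread: the helper names sshd_opt, display_port and x11_report are hypothetical, the sample config is constructed, and parsing is simplified to stop at the first Match block. X11DisplayOffset and X11UseLocalhost are standard OpenSSH keywords that the thread does not name.

```shell
#!/bin/sh
# Added example (not from the thread): audit sshd X11-forwarding settings.

# sshd_opt FILE KEYWORD DEFAULT
# Print the first value set for KEYWORD, or DEFAULT when it is unset.
# sshd keywords are case-insensitive and the first occurrence wins.
# Simplification: parsing stops at the first Match block.
sshd_opt() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# display_port DISPLAY
# X11 display N is served on TCP port 6000+N.
display_port() {
    num=${1##*:}        # "localhost:10.0" -> "10.0"
    num=${num%%.*}      # "10.0" -> "10"
    echo $((6000 + num))
}

# x11_report FILE
# Summarise whether forwarding is on, which port sshd's X11 proxy
# takes first, and whether that listener is reachable off-host.
x11_report() {
    fwd=$(sshd_opt "$1" X11Forwarding no)
    off=$(sshd_opt "$1" X11DisplayOffset 10)
    loc=$(sshd_opt "$1" X11UseLocalhost yes)
    if [ "$fwd" != yes ]; then
        echo "X11 forwarding disabled"
        return 0
    fi
    bind=loopback
    [ "$loc" = yes ] || bind=all-interfaces
    echo "enabled display=:$off port=$(display_port ":$off") bind=$bind"
}

# Constructed sample sshd_config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#X11Forwarding no
x11forwarding yes
X11DisplayOffset 10
EOF
x11_report "$sample"    # enabled display=:10 port=6010 bind=loopback
rm -f "$sample"
```

With bind=loopback the proxy port is reachable only from the SSH server itself, so the firewall needs to pass only the SSH connection and not port 6000.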
Miguel Cuesta
Advisor

Re: iptables: how to open HPUX X11 protocol

I tried following your advice:

100.100.100.100 = the Internet IP of my Firewall (Linux)

192.168.1.1 = the LAN IP of my machine (HPUX)

200.200.200.200 = the Internet IP of the remoteserver (HPUX)

1) I opened my 6000 port (in my Linux Firewall):
/sbin/iptables -A FORWARD --dport 6000 -j ACCEPT

2) From HPUX (inside my LAN):
LANmachine> xhost +200.200.200.200
LANmachine> telnet 200.200.200.200

3) Within remoteserver:
remoteserver> export DISPLAY=100.100.100.100:0.0
remoteserver> sam&

..... I do not obtain anything.

What am I doing wrong?