[PLUG] Client sending X windows to another through FW

Josh Orchard josh at emediatedesigns.com
Thu Feb 25 00:48:53 UTC 2010


On 2/24/2010 6:20 AM, D. Cooper Stevenson wrote:
> Hi Josh,
>
> Here's a link to the remote X-Apps mini howto.
>
>    http://www.faqs.org/docs/Linux-mini/Remote-X-Apps.html
>
> It occurs to me that you may, either now or in the future, wish to
> connect to several different computers behind the firewall by name. For
> example, you may, from your local client (technically termed the
> 'server' in X protocol parlance), wish to connect to X applications on
> both server1.remotehost.com and server2.remotehost.com.
>
> To actually reach the remote box behind the remote firewall (if not
> using NAT beyond the initial connection or you wish to connect to more
> than one remote machine) you need to use SSH tunneling. Basic
> introduction here:
>
>    http://www.revsys.com/writings/quicktips/ssh-tunnel.html
>
> One could also set up a permanent Virtual Private Network connection for
> this purpose. Now, if you ran SSH through OpenVPN you would experience
> performance problems. Still, if you ran, unencrypted, "plain Jane"
> remote X sessions through the VPN connection this might really do the trick.
>
> I write, "might" as I do not know your specific bandwidth resources.
>
> The VPN/X route gives you the ability to do more than just remote X
> connections--the VPN essentially "joins" your local X server into the
> network of the remote network. See the diagram under the 'Road Warrior'
> section here:
>
>    http://www.shorewall.net/OPENVPN.html
>
> The above assumes you do not wish to open a separate port on the
> firewall for each remote machine. I for security reasons this should be so.
>
> In summary, compressed SSH sessions are what you want for individual
> connections to the remote machine. SSH tunneling will provide you with
> multiple remote computer connections. If it seems reasonable that you
> will expand the services between these two networks, consider
> unencrypted X sessions over a Virtual Private Network.
>
>
>
> Very Best,
>
>
> -Coop
>

Thanks that helps a lot.  I will have many clients behind potential 
firewalls that I'll want to log into One remote server which a person 
could then work from and alter all the clients configurations as needed. 
  It has occurred to me that if I just ssh to a remote computer and not 
do X Forwarding that any X windows will be displayed on the remote and 
not local machine provided that xhost is allowed on the remote server.

But I could possible use VPN to make a network connection and then just 
do a normal login from the server to each client as they would then be 
on my VPN and could authenticate as a normal network computer.  I'm a 
bit concerned about performance and network bandwidth but I could play 
with it and figure it out.

Thanks for the the suggestions.

Josh



More information about the PLUG mailing list