[SUMMARY] Switching network ports a process communicates on

From: Roberts, Blake (broberts@ercot.com)
Date: Thu Aug 22 2002 - 12:17:13 EDT


Thanks go to: Williford, Blake [BlakeWilliford@NMCC.SprintSpectrum.com]
              Ballowe, Charles [CBallowe@usg.com]

Both suggested using ssh to tunnel the X11 traffic. Unfortunately, my cyber security department has banned ssh, as they feel telnet through VPN is safer (I don't make the policies, I just work here).

I actually ended up resolving my initial problem. In this case, the systems I had the most trouble with are in a cluster, and I was accessing the node directly, as opposed to going through the cluster alias (bad admin... bad bad admin). Going through the cluster interface allowed the X displays to route properly, and make the connection to my machine.

Thanks for the insight and assistance.

Best regards,
--Blake Roberts
UNIX Systems Administrator
ERCOT-Austin
512.225.7178
512.695.5071 (cell)

-----Original Message-----
Good morning,

I have a network architecture situation which I'm trying to resolve in the best way possible with all sorts of parties. My systems, running Tru64 5.1A, live behind a firewall, which I use VPN access to communicate with. The big problem comes when I am trying to pull up a graphical display, such as sysman or dxaccounts.

These displays do not want to communicate down the VPN tunnel, even if I set the DISPLAY variable to the VPN NAT address (the one the host sees me as) or my real IP address. An investigation of netstat shows that these displays want to connect through tcp port 6000.

The easy answer is, "just open port 6000 at the firewall"; however, I have my doubts that will happen. Other X-based applications are using lower port numbers, and getting through the VPN just fine. Is there an option somewhere that I can set to change the default port that these programs want to communicate on?

Best regards,

--Blake Roberts
UNIX Systems Administrator
ERCOT-Austin
512.225.7178
512.695.5071 (cell)


