I have a pretty good ipchains script running on my RH 6.2 box, and I gave access to my brother in law to telnet in, but now he can't get an X session (he uses Exceed). I'm thinking I must have another rule that negates the one giving him permission to do that, and I don't give him EXPLICIT permission - ie I don't have an 'output $XWINDOW_PORT -j ACCEPT' line (or something like that), so I'm wondering if anyone has put together a script that allows this so I can get a clue as to what I'm missing.

Thanks.

------------------
...meanwhile, I remain...
...The RedHatted Stepchild...

NOBODY knows ANYTHING about this? I'm marking my calendar - this is the first time in over a year that this has happened to me at this site. http://www.linuxnewbie.org/ubb/wink.gif

------------------
...meanwhile, I remain...
...The RedHatted Stepchild...

on my ipchains script (a hacked pmfirewall setup) i needed to explicitly opne that port because I closed it off.

bash (also ksh)
export DISPLAY=my.display.net:0.0
(may need to omit '=')

tcsh (also csh)
setenv DISPLAY my.display.net:0.0

Hmmm...

What you did there was set the environment variable, not open the port. I believe that '0.0' is referring to the loopback, unless you're stating a remote host before it.

Either way, X uses ports 6000-6036 or something, and I don't really want to make them just open to anyone, I want them to be available to a couple of very specific, static ip addresses. Eventually, I guess I'll just put in a couple of lines near the top that go something like...

ipchains output -s $XWINPORTS -d rem.x.win.user -j ACCEPT

I dunno - I'll figure it out. Thanks for the input!!

------------------
...meanwhile, I remain...
...The RedHatted Stepchild...

As above mentioned the display needs to be exported to his IP :0 or :0.0.. (eg: export DISPLAY=10.0.0.1:0 )

A few questions:

Can he telnet in? (eg: Not even trying to login via eXceed.. )

Y:
Try to export display during that telnet session then fire up xterm or something. (xclock ,etc..)
(eg: nohup /path/to/xterm & )

N:
Get telnet working first.. Or better yet use ssh. (Although I've never tried exporting an X session over ssh.)


What do your firewall logs come up with?

--> Turn on some logging and see if its blocking ports in the 6000 range.

r