[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPNAT and X-Traffic
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: IPNAT and X-Traffic
- From: David Terrell <dbt_(_at_)_meat_(_dot_)_net>
- Date: Tue, 15 Feb 2000 09:31:04 -0800
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: David Terrell <dbt_(_at_)_meat_(_dot_)_net>
On Tue, Feb 15, 2000 at 10:20:20AM -0600, Byron Pearce wrote:
> > Thus, external connections to the NAT box would be forwarded to your X
> > client (The Linux system?). Note Well: I would STRONGLY encourage you
> > to examine
> > http://www.motifzone.com/tmd/articles/X_Security_1/security.html
> > before embarking on making X available to the outside (even on a
> > limited scale). IP access control, etc. should be strongly considered.
> > I usually make an external connection to the X Box via SSH and use SSH
> > to open an external screen. Proper use of xauth and similar tools will
> > make for a more secure system.
> That is exactly my plan. When I was testing, I was SSH-ing into the
> appropriate box, setting DISPLAY, and attempting to execute a simple
> xterm. I understand what you are saying, and I wouldn't dream of opening
> up the x ports to the world. I will SSH in and control access via xhost
> (as you mentioned).
SSH does X11 forwarding along the SSH connection. Read the ssh(1) man
David Terrell | But remember that "layman" is just a polite
dbt_(_at_)_meat_(_dot_)_net | word for "idiot."
http://wwwn.nebcorp.com/ | - Neal Stephenson