[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

x11 forwarding does not work until pf is disabled

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: x11 forwarding does not work until pf is disabled
From: Didier Wiroth <didier_(_dot_)_wiroth_(_at_)_mcesr_(_dot_)_etat_(_dot_)_lu>
Date: Tue, 27 Dec 2005 14:43:48 +0100
Thread-index: AcYK65CQFGO/hYa1TgODAcNbXhf/Jw==

Hello,
I'm running current (built a few hours ago) on a test machine. 
I'm connecting via ssh (from a windows box) and I try to launch an X
application.
X forwarding fails, here is a sample output:

~ $ xclock &
[1] 10951
medw_(_at_)_build
~ $ Error: Can't open display: localhost:11.0

Unfortunately, as you see, I'm not able to forward X11 until I disable
pf (pfctl -d).
After disabling pf, forwarding works well and I'm able to forward any X
application.

Did I miss something, what is my problem?
Thank you very much
Didier

Here is the (simple) pf.conf of the ssh server:
ext_if="bge0"
table <friends> persist 
table <hostile> persist

#OPTIONS
set loginterface $ext_if

#NORMALIZE
scrub in on $ext_if fragment reassemble

#REDIRECTING

#DEFAULT BLOCK
block log quick inet from <hostile>
block quick inet6
block log (all) all

pass quick on lo0
pass in quick on $ext_if inet proto tcp from <friends> to $ext_if\
       port 22 modulate state label ssh
pass out quick on $ext_if inet proto { tcp, udp } from $ext_if to any \
        keep state label out_traffic

Follow-Ups:
- Re: x11 forwarding does not work until pf is disabled
  - From: steven mestdagh

Prev by Date: Re: OpenBGP+CARP : OpenBGP does not see CARP going into master state
Next by Date: Re: x11 forwarding does not work until pf is disabled
Previous by thread: Re: OpenBGP+CARP : OpenBGP does not see CARP going into master state
Next by thread: Re: x11 forwarding does not work until pf is disabled
Index(es):
- Date
- Thread

Visit your host, monkey.org