X11 forwarding and iptables
Most everything works as expected except I've lost the ability to do X11 forwarding (e.g. logging in with ssh -X and running things like xclock).
I noticed in /etc/services that ports 177 and 6000:6007 are related to X11.
In which chain should I enable these? I tried the INPUT chain and it didn't restore the X11 forwarding capability.
Thanks in advance for all your help.
bob
4 Replies
Actually, re-reading your post, I don't see why -X would fail. As long as you can ssh in, it should work, though it's not as efficient as using VNC over a secure tunnel.
iptables -A INPUT -j LOG --log-prefix "INPUT_DROP "
This will append the LOG rule to the end of the INPUT rules and will log each packet. So in your case, where I believe you have your policy set to DROP, you will see what will get DROPped. Be aware that unless you set some iptables limits, your logs might fill up quickly depending upon the amount of traffic you have.
You might also take a look for an iptables flow chart; that might help you figure out the flow of traffic as it traverses the iptables rules.
--
Travis
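
Added example, not part of the thread: one way to read the output of the LOG rule above is to tally the logged packets by input interface, protocol and destination port, so the traffic falling through to the DROP policy stands out. The log lines, addresses and the function names parse_line and summarize are constructed for illustration; the limit match in the comment is the standard iptables way to keep such logging from flooding the logs.

```python
import re
from collections import Counter

# Rate-limited form of the LOG rule from the reply (keeps the logs from filling up):
#   iptables -A INPUT -m limit --limit 5/min --limit-burst 10 \
#       -j LOG --log-prefix "INPUT_DROP "

PREFIX = "INPUT_DROP "  # must match --log-prefix exactly, trailing space included
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; flags like DF/SYN are skipped

# Constructed sample in the kernel's netfilter LOG format (not real traffic).
# Assumption: the loopback lines model X11-forwarded traffic reaching sshd's
# display listener (default X11DisplayOffset 10, i.e. TCP 6010 on localhost).
SAMPLE_LOG = """\
Jan 12 10:15:01 host kernel: [ 812.101] INPUT_DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4121 DF PROTO=TCP SPT=45678 DPT=6010 WINDOW=43690 RES=0x00 SYN URGP=0
Jan 12 10:15:02 host kernel: [ 813.104] INPUT_DROP IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4122 DF PROTO=TCP SPT=45678 DPT=6010 WINDOW=43690 RES=0x00 SYN URGP=0
Jan 12 10:15:07 host kernel: [ 818.220] INPUT_DROP IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=198.51.100.7 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=901 PROTO=TCP SPT=40112 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:15:09 host sshd[2211]: Accepted publickey for bob from 192.0.2.10 port 51512 ssh2
Jan 12 10:15:11 host kernel: [ 822.007] INPUT_DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:11:22:33:44:55:66:08:00 SRC=192.0.2.33 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=77 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

def parse_line(line):
    """Return the KEY=value fields of one logged packet, or None if the
    line was not written by the INPUT_DROP rule."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    return dict(FIELD.findall(rest))

def summarize(log_text):
    """Count logged packets by (input interface, protocol, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        # ICMP and similar packets carry no DPT field, so fall back to "-".
        counts[(pkt.get("IN", ""), pkt.get("PROTO", "?"), pkt.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (iface, proto, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  in={iface or '-':<6} proto={proto:<5} dport={dport}")
```

On a live system the same functions can be fed the kernel log (for example the output of dmesg or the syslog file the distribution writes kernel messages to) instead of the constructed sample.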