How to open a port?

Cameron Hutchison camh at xdna.net
Wed Jun 14 00:34:01 UTC 2006


Daniel Carrera wrote:

>There are no iptable rules on either the server or my laptop. So it 
>looks like I'm barking up the wrong tree. I'm trying to open a remote X 
>connection and it isn't working, but it looks like the problem is not with 
>a closed port. :(

That depends on your terminology. If an iptables rule was in place
blocking a connection to a port, I would call that a "blocked port". A
"closed port" would be a port on which there is no service running. This
is how Ubuntu achieves a default setup with no "open ports" (or all
"closed ports") - no services running on external interfaces. It does
not use iptables to block ports.

In your particular case (remote X connections), you need to have the
X server run a service on a port. By default, it does not do this (in
pretty much any modern distro) for security reasons. The X protocol is
not particularly secure.

The usual way to have remote X clients is to tunnel through ssh. If
you ssh from a shell that can connect to an X server (i.e. the DISPLAY
variable is set appropriately and it has appropriate permissions to
access the $HOME/.Xauthority file), you can use the -X argument to ssh(1)
to enable X11 forwarding. Check the manpage for more details.

If you still really want to enable external X connections, you'll
need to configure your X server to listen on inet ports, and not just
a unix domain socket. If you are running GNOME, look under "System ->
Administration -> Login Window" on the "Security" tab. There is a checkbox
labelled "Deny TCP connections to Xserver" which is checked by default.

I've never used this checkbox so I cannot say 100% that it will run
the X server with/without the "-nolisten tcp" X argument, but it's the
sensible place for it. You'll need to log out and maybe even restart gdm
("sudo /etc/init.d/gdm restart" from a console shell) to have this option
be applied.

You can check the option has been applied by looking at the ps(1) listing
for X ("ps auxww|grep X") and see if it has the "-nolisten tcp" command
line argument. If it has, you will not be able to remotely connect to
the X server.
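
The ps(1) check described above, as an added example that is not part of the original post. The function name x_tcp_status, the status labels and the sample listing are made up for illustration; the TCP port shown is 6000 plus the display number, which is where an X server listens when TCP is enabled.

```shell
#!/bin/sh
# Added example: classify X servers in a `ps auxww` listing by whether
# they were started with "-nolisten tcp". Reads ps lines on stdin and
# prints "<pid> <display> <status> <tcp-port>" for each X server found.
x_tcp_status() {
    awk '
    {
        # In `ps aux` output the command is field 11; take its basename.
        n = split($11, path, "/"); cmd = path[n]
        # Match the server binary itself. A plain "grep X" also matches
        # the grep process and any other command line containing an X.
        if (cmd != "X" && cmd != "Xorg") next
        display = ":0"              # X uses :0 when no display is given
        status = "no-nolisten-flag"
        for (i = 12; i <= NF; i++) {
            if ($i ~ /^:[0-9]+$/) display = $i
            if ($i == "-nolisten" && $(i + 1) == "tcp") status = "nolisten-tcp"
        }
        # With TCP enabled the server listens on 6000 + display number.
        port = (status == "nolisten-tcp") ? "-" : 6000 + substr(display, 2)
        print $2, display, status, port
    }'
}

# Constructed sample listing (not captured from a real machine).
SAMPLE_PS='root  4321  0.5  2.1 120000 43000 tty7  Ss+ 09:00 0:12 /usr/bin/X :0 -br -audit 0 -auth /var/lib/gdm/:0.Xauth -nolisten tcp vt7
root  4400  0.3  1.9 118000 40000 tty8  Ss+ 09:05 0:03 /usr/bin/X :1 -auth /var/lib/gdm/:1.Xauth vt8
camh  5012  0.0  0.0   3000   700 pts/0 S+  09:10 0:00 grep X'

printf '%s\n' "$SAMPLE_PS" | x_tcp_status
# On a live system: ps auxww | x_tcp_status
```

Newer X.Org releases disable TCP by default, so "no-nolisten-flag" only means the flag is absent; confirm with a listing of listening sockets before assuming the port is open.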






More information about the ubuntu-users mailing list