iptables and X11 forwarding

p_a · External Since: Aug 04, 2009 Posts: 1

Is something missing? I've tried to enable X11 forwarding thru
iptables with the following
set of rules. If I run "ggv &" a "can't open display" message is
displayed. I have sshed with the -X option.

iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT

thx.,
pete.

Allen Kistler · External Since: Jun 26, 2004 Posts: 367

p_a wrote:
> Is something missing? I've tried to enable X11 forwarding thru
> iptables with the following
> set of rules. If I run "ggv &" a "can't open display" message is
> displayed. I have sshed with the -X option.
>
> iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
> iptables -A OUTPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -o lo -j ACCEPT

1. You don't need to specify addresses for the lo rules.
BTW, it's good to put these rules first in INPUT and OUTPUT.

2. Is the DISPLAY variable set?

3. Is xauth installed? (rpm -q xorg-x11-xauth)

4. Are you running ssh over IPv4 or IPv6?
Typically localhost has to be defined for both.