Traversing X11 clients behind NAT (or X11 end-to-end connectivity)
vignatti at c3sl.ufpr.br
Fri Mar 21 13:23:12 PDT 2008
I was thinking how we could make remotely X clients totally connective
with the server when _both_ are behind a NAT/firewall.
We can imagine one big motivation to do this: a scenario where someone
using his thin and poor machine wants to use the resources of some "fat"
machines which he simply doesn't know where they are seated. Those fat
machines could be arranged through a P2P network of "X11 pool of
resources" and the list of machines displayed to the user select his
desired one (e.g. with minor lag/load). Someone more capitalist than me
could go further and imagine a provider selling X11 resources to mobile
devices. Or just open your home machine's web browser in any place of
the world. Well, the field of applications would be huge.
Maybe this would be a kick in the a** of the so called web-based
applications. Now you have to learn how to program in html, php, ajax or
another boring language to build something in this kind of environment.
Instead, we could see this P2P network also as a web-based environment
letting people to program apps in their preferred toolkit (and yes, I'm
betting that the data transfer rates in the various networks will
increase significantly in the next years).
There's a technique to create TCP connections between machines behind
NAT/firewall called "hole punching' [0, 1]. With the help of a server
(called rendezvous) two machines behind NAT/firewall open a 'hole' in
their NAT/firewall to establish a connection. A similar technique --
using UDP -- is what Skype and others are relaying today.
Someone already mentioned  to wrap X11 protocol with jabber (or other
protocol). It would be also an idea. But I don't know how much the
latency would increase in this case.
Certainly there are others techniques to achieve the X11 end-to-end
transparency among machines that I'm missing.
- Why ssh -X and xfwp is not the way?
Simply because it doesn't let end-to-end connectivity.
I didn't thought what would be the impact in both client and server
side. Probably all this will touch some aspects of authentication and
security. I don't know.
So I would like to hear from you what do you think about this all (and
eventually find a mentor to apply this in GSoC ;) )
C3SL - Centro de Computação Científica e Software Livre
More information about the xorg