Traversing X11 clients behind NAT (or X11 end-to-end connectivity)

Tiago Vignatti vignatti at
Sat Mar 22 15:33:39 PDT 2008

Hi Sascha,

Sascha Hlusiak escreveu:
> Get IPv6, the network of tomorrow -- today. And a firewall is not a thing to 
> bypass because the admin installed it for a reason.

Yes, everyone will agree with you in the sense that IPv6 will solve the
lack of addresses on the Internet. OTHO, several NAT will be replaced
by firewalls when the migration to IPv6 happen. This is because today
admins use NAT as a firewall to protect his intranet. So the lack of
transparency on the Internet will remain and such mechanisms to bypass 
the lack of connectivity will be needed.

Anyway, there's a lot of researchers who could argue and defend this 
argument better than me. It's easy to see how valuable this subject is 
just taking a look at the last networking and P2P conferences.

> X11 reacts very allergic to high latency and need quite some bandwidth whereas 
> NX works extremely well here and it's easier to maintain (ssh). If necessary 
> you can forward ports if you are behind a NAT. 

Indeed. NX would be a good guy to improve this. Maybe all this 
discussion could be moved to the VNC context also...

And about forward ports, this is not so simple. We must assume that our 
focus is highly NATed environments, or situations where practically 
every node is behind a NAT. For example, the DSL modem may have a NAT 
plugged with a wireless access point that also is a NAT. The service 
provider might add another layer of NAT.

> I see rare cases where this real end-to-end connectivity is necessary. If it's 
> a server, they'd be plain dumb to put it behind a NAT. 

All web app enthusiasts will be totally contrary with you. You can argue 
with them :)

> Sorry, just my 2 cents. I'd like to have all the loose development energy 
> bundled to really improve the X11 world. There is much more work left in 
> current markets than in future ones.

Well, thank you for replying this Sascha. For sure this all is just an 
idea that I had "taking a shower" :) The first idea of the email was 
just to bring this discussion up on the list because I never seen anyone 
talking about this here.

And, as I said on the other mail, I'm not particulary telling that 
punching hole would be the best alternative to address this problem of 
total connectivity. For instance you could imagine some kind of P2P 
resource-sharing sw exporting X11 clients.


Tiago Vignatti
C3SL - Centro de Computação Científica e Software Livre

More information about the xorg mailing list