Traversing X11 clients behind NAT (or X11 end-to-end connectivity)
Tiago Vignatti
vignatti at c3sl.ufpr.br
Sat Mar 22 15:33:39 PDT 2008
Hi Sascha,
Sascha Hlusiak escreveu:
> Get IPv6, the network of tomorrow -- today. And a firewall is not a thing to
> bypass because the admin installed it for a reason.
Yes, everyone will agree with you in the sense that IPv6 will solve the
lack of addresses on the Internet. OTHO, several NAT will be replaced
by firewalls when the migration to IPv6 happen. This is because today
admins use NAT as a firewall to protect his intranet. So the lack of
transparency on the Internet will remain and such mechanisms to bypass
the lack of connectivity will be needed.
Anyway, there's a lot of researchers who could argue and defend this
argument better than me. It's easy to see how valuable this subject is
just taking a look at the last networking and P2P conferences.
> X11 reacts very allergic to high latency and need quite some bandwidth whereas
> NX works extremely well here and it's easier to maintain (ssh). If necessary
> you can forward ports if you are behind a NAT.
Indeed. NX would be a good guy to improve this. Maybe all this
discussion could be moved to the VNC context also...
And about forward ports, this is not so simple. We must assume that our
focus is highly NATed environments, or situations where practically
every node is behind a NAT. For example, the DSL modem may have a NAT
plugged with a wireless access point that also is a NAT. The service
provider might add another layer of NAT.
> I see rare cases where this real end-to-end connectivity is necessary. If it's
> a server, they'd be plain dumb to put it behind a NAT.
All web app enthusiasts will be totally contrary with you. You can argue
with them :)
> Sorry, just my 2 cents. I'd like to have all the loose development energy
> bundled to really improve the X11 world. There is much more work left in
> current markets than in future ones.
Well, thank you for replying this Sascha. For sure this all is just an
idea that I had "taking a shower" :) The first idea of the email was
just to bring this discussion up on the list because I never seen anyone
talking about this here.
And, as I said on the other mail, I'm not particulary telling that
punching hole would be the best alternative to address this problem of
total connectivity. For instance you could imagine some kind of P2P
resource-sharing sw exporting X11 clients.
Cheers,
--
Tiago Vignatti
C3SL - Centro de Computação Científica e Software Livre
www.c3sl.ufpr.br
More information about the xorg
mailing list