XDMCP and NAT

Tiago Vignatti vignatti at c3sl.ufpr.br
Mon Nov 17 19:46:05 PST 2008


Hi,

Ritesh Sood wrote:
> Hi all,
> 
> This mail is more of a feature request, and looking at the number of
> messages on the web, I'm sure quite a number of users would be happy to
> have this functionality, which is already provided by many commercial
> Xservers for Windows.
> 
> I want to use Xephyr/Xnest on my home machine local_host (as display :1)
> and have the display controlled by xdm running on a remote application server
> (app_server)
> 
> First, please have your browser's font set to a monospaced one so that
> the boxes below are displayed correctly.
> 
> Here's what the network "topology" looks like.
> 
> +---------------+         +------------+          +-------------+
> | local_host    |         | NAT server |          | app_server  |
> | 192.168.0.100 |-------> | 1.2.3.4    |--------->| 5.6.7.8     |
> | running Xnest |         |            |          | my.univ.edu |
> | on display :1 |         | my.isp.com |          | running xdm |
> +---------------+         +------------+          +-------------+
> 
> At the app_server end, Xaccess contains
> *.univ.edu   NOBROADCAST
> *.isp.com   NOBROADCAST
> to have some measure of security
> 
> I'm running xdm as
> # xdm -debug 1 -config ....
> 
> Within the university network, of course, things work very well. From
> local_host too, at least XDMCP authentication is happening correctly,
> i.e. xdm sees that the incoming request is from *.isp.com. and considers
> it legitimate.
> 
> Next, it tries to open 192.168.0.100:1 for login window, etc; and that
> of course fails.
> 
> Just to make sure that port forwarding on 60xx ports is happening correctly,
> I do
> $ xterm -display my.isp.com:1.0
> and that works alright.
> 
> As I mentioned above, many Xserver implementations for Windows provide
> an option so that the NAT IP address can be passed to xdm instead of
> XDMCP picking up the local_host address by default. See these FAQs, for
> instance:
> http://connectivity.hummingbird.com/support/nc/exceed/exc9003009.html?cks=y
> http://www.netsarang.com/products/xmg_faq.html
> 
> It would be great if we could have similar functionality in the Xorg
> Xservers.

Yeah, I would have liked this kind of feature some time ago as well, but
it seems that our world is finally (not so quickly, though) turning to
IPv6 [0]. Another crazy idea would be to traverse NAT using the hole
punching technique. Follow this link:

http://vignatti.wordpress.com/2008/03/21/traversing-x11-clients-behind-nat-or-x11-end-to-end-connectivity/


[0] People found another motivation besides the lack of address space,
which is energy saving. It seems that NAT must send a "keep alive"
message every 30-180 seconds to keep the address and connection active.
It can consume a significant amount of energy, especially for mobile devices.


Cheers,

-- 
Tiago Vignatti
C3SL - Centro de Computação Científica e Software Livre
www.c3sl.ufpr.br
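
The failure described in the quoted message (xdm accepts the request arriving from the NAT address, then tries to open 192.168.0.100:1) comes from the Connection Addresses field that the X server puts inside its XDMCP Request. The sketch below is an added example, not part of the original thread and not code from xdm or Xorg: it parses that field and reports advertised addresses that differ from the UDP source address. The packet layout follows the XDMCP specification; the function names are hypothetical and the sample packet is constructed.

```python
import ipaddress
import struct

XDMCP_VERSION, OP_REQUEST, CONN_INTERNET = 1, 7, 0  # values from the XDMCP spec

def _array8(buf, off):
    """ARRAY8: CARD16 length, then that many bytes."""
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + n > len(buf):
        raise ValueError("truncated ARRAY8")
    return buf[off:off + n], off + n

def build_request(display, ipv4):
    """Constructed sample: a Request advertising one IPv4 address, no auth."""
    addr = ipaddress.IPv4Address(ipv4).packed
    body = struct.pack(">H", display)                 # Display Number
    body += struct.pack(">BH", 1, CONN_INTERNET)      # Connection Types (ARRAY16)
    body += struct.pack(">BH", 1, len(addr)) + addr   # Connection Addresses
    body += struct.pack(">HH", 0, 0)                  # Authentication Name / Data
    body += struct.pack(">B", 0)                      # Authorization Names
    body += struct.pack(">H", 0)                      # Manufacturer Display ID
    return struct.pack(">HHH", XDMCP_VERSION, OP_REQUEST, len(body)) + body

def parse_request(pkt):
    """Return (display_number, [IPv4 addresses]) from an XDMCP Request."""
    version, opcode, length = struct.unpack_from(">HHH", pkt, 0)
    if version != XDMCP_VERSION or opcode != OP_REQUEST or length != len(pkt) - 6:
        raise ValueError("not a well-formed XDMCP Request")
    (display,) = struct.unpack_from(">H", pkt, 6)
    off = 8
    ntypes = pkt[off]
    types = struct.unpack_from(">%dH" % ntypes, pkt, off + 1)
    off += 1 + 2 * ntypes
    naddrs = pkt[off]
    off += 1
    addrs = []
    for i in range(naddrs):
        raw, off = _array8(pkt, off)
        if i < ntypes and types[i] == CONN_INTERNET and len(raw) == 4:
            addrs.append(ipaddress.IPv4Address(raw))
    return display, addrs

def nat_mismatch(pkt, udp_source):
    """Advertised display addresses that differ from the packet's UDP source."""
    src = ipaddress.IPv4Address(udp_source)
    display, addrs = parse_request(pkt)
    return ["%s:%d" % (a, display) for a in addrs if a != src]
```

For the topology in the quoted message, a Request built for display 1 at 192.168.0.100 and seen by xdm as coming from 1.2.3.4 yields `['192.168.0.100:1']`, the address xdm then fails to open.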