How to configure firewall for X11

I have a system with a 192.168.. ip going through a
liunx firewall to a remote unix system. When I telnet
to this remote system, I would like to run X programs
but do not know how to configure the 'DISPLAY' settings.
How can I get my NAT'ed machine to receive X11?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Listening.  (I have interest in this ? as well)
you can't. Unless you can forward the port (6000 + display number) directly to the station behind the NAT it wont work. The X11 protocol puts the source IP in the data-part of the packages, aswell as in the normal IP-headers.

Using SSH to tunnel should work for single port forwarding tho.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shippy012000Author Commented:
so..... can you tell me what I would have
to do in ipchains to get this port to forward?

If gateway machine ls and
NAT machine is and is using
display 0.0, what would a chain look like?


Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

ipchains will not work. Ipchains cannot rewrite the packages properly. Ipchains only reqrites the adress part of the datagram, not the data part, which is needed.
shippy012000Author Commented:

I thought that I would be able to forward
any packet to to and it would work.

What do you recommend then to do this
Friend says that "ipmasqadm" would do the trick. Personally i stick to SSH tunnels :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.