[FreeNX-kNX] FreeNX KNX and firewalls

Hamish lists at subvs.co.uk
Fri Feb 25 10:39:25 UTC 2005


Hello everyone

I am having a strange firewall problem with FreeNX/KNX. I have set up a SuSE 
9.2 box with FreeNX, now when connecting to it with KNX on another SuSE9.2 
box, I authenticate fine, then nothing happens. The host shows sessions 
connected when running `nxserver --list`, but nothing happens on the client. 
If I turn off the firewall on the host box, it works fine - must be something 
blocked, but I thought it used ssh only?

here is some log from the host firewall when it is on:
Feb 25 10:14:03 nx.host.box kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= 
MAC=xx:xx:xx:xx:xx:xxetc SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=60 
TOS=0x00 PREC=0x00 TTL=54 ID=6642 DF PROTO=TCP SPT=1186 DPT=5001 WINDOW=5840 
RES=0x00 SYN URGP=0
Feb 25 10:14:06 nx.host.box kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= 
MAC=xx:xx:xx:xx:xx:xxetc SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=60 
TOS=0x00 PREC=0x00 TTL=54 ID=6643 DF PROTO=TCP SPT=1186 DPT=5001 WINDOW=5840 
RES=0x00 SYN URGP=0
Feb 25 10:14:12 nx.host.box kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= 
MAC=xx:xx:xx:xx:xx:xxetc SRC=xxx.xxx.xxx.xxx DST=yyy.yyy.yyy.yyy LEN=60 
TOS=0x00 PREC=0x00 TTL=54 ID=6644 DF PROTO=TCP SPT=1186 DPT=5001 WINDOW=5840 
RES=0x00 SYN URGP=0

So its trying to make a connection to port 5001? WHY?

Here is the config file for the connection:
{snip}
<option key="Enable SSL encryption" value="true" />
{snip}
<option key="Server port" value="22" />
{snip}
So SSL is enabled, and it is trying on default port 22. Why are there 
connection attempts to port 5001? Should I open this port?

On a windows box, connecting to the same host works (for full desktop at 
least, see the single window thread...) without firewall changes ie port 22, 
and nothing else.

Other slightly OT questions:
How can I turn on/up KNX logging? The conf directory seems to be used by 
both !M client and KNX (~/.nx/config), is there anywhere else KNX may be 
getting conf from? Is it possible that having KNX and !M client both 
installed could cause problems?
Thanks,
H
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/freenx-knx/attachments/20050225/b82b77df/attachment.sig>


More information about the FreeNX-kNX mailing list