[FreeNX-kNX] FreeNX connection issues behind router

Terje Andersen terander at guard.zapto.org
Thu Jul 17 20:17:16 UTC 2008 

On Thu, 2008-07-17 at 12:30 -0400, Kurt Godric wrote:
> I ave been getting connection timed out errors for a while now and I
> cannot figure out what the issue is.  By all accounts I have the
> correct configuration.  Can someone go over the following and let me
> know what holes you see in my config?  I also changed all of the IPs
> to x.x.x.100 and so on.  

<snip>

> Info: Load-Balancing (if possible) to x.x.x.113 ...
> &virtualdesktop=1&application=lxp-startup&link=wan&backingstore=1&encryption=1&cache=16M&images=64M&shmem=1&shpix=1&strict=0&composite=1&media=0&session=session&type=unix-application&geometry=1440x837&client=winnt&keyboard=pc102/en_US&screeninfo=1440x837x32+render&clientproto=2.1.0&user=root&userip=68.209.123.36&uniqueid=0351427BD84C5BADAC9A0C0A722DED15&display=1000&host=x.x.x.113
> ssh: connect to host x.x.x.113 port 22: Connection refused
> expect: spawn id exp5 not open
>     while executing
> "expect -nobrace {Are you sure you want to continue connecting
> (yes/no)?} { send "yes\r" } assword*: { sleep 0.3; send "$password
> \r" } {Permission deni..."
>     invoked from within
> "expect {

You need to look into the SSH keys that are used here - the master will
have to have the same keys as the nodes behind it, I think.

The ssh connection to x.x.x.113 on port 22 are getting refused, which
indicates that the keys might be incorrectly configured.

<snip>

> 
> /var/log/secure:
>      Master:
> 
> Jul 17 11:53:06 SDVPC01 sshd[21173]: pam_unix(sshd:session): session
> closed for user root
> Jul 17 11:54:23 SDVPC01 sshd[21766]: Accepted publickey for nx from
> "myIP" port 50888 ssh2
> Jul 17 11:54:24 SDVPC01 sshd[21766]: pam_unix(sshd:session): session
> opened for user nx by (uid=0)
> Jul 17 11:54:28 SDVPC01 sshd[21845]: Accepted password for root from
> 127.0.0.1 port 60862 ssh2
> Jul 17 11:54:28 SDVPC01 sshd[21845]: pam_unix(sshd:session): session
> opened for user root by (uid=0)
> Jul 17 11:54:28 SDVPC01 sshd[21845]: pam_unix(sshd:session): session
> closed for user root
> Jul 17 11:55:33 SDVPC01 sshd[21766]: pam_unix(sshd:session): session
> closed for user nx
> Jul 17 11:56:34 SDVPC01 sshd[22131]: Accepted password for root from
> "myIP" port 50903 ssh2
> Jul 17 11:56:35 SDVPC01 sshd[22131]: pam_unix(sshd:session): session
> opened for user root by (uid=0)
> 
> node.conf:
>      Master:
> 
> # node.conf

<snip>

> 
> # LOAD BALANCING
> # ==============
> #
> # To do load balancing setup some hosts in LOAD_BALANCE_SERVERS and
> # make:
> #
> #   - either sure that all incoming connections are sent to the master
> #     server by using forwarding directives on the "slave" servers.
> #
> #   - or share the session database space via NFS between the servers.
> #     (not recommended at the moment as race conditions for DISPLAYs
> can 
> #      occur)
> #
> ENABLE_LOADBALANCE="1"
> 
> LOAD_BALANCE_SERVERS="x.x.x.100 x.x.x.101 x.x.x.104 x.x.x.105
> x.x.x.108 x.x.x.109 x.x.x.110 x.x.x.111 x.x.x.112 x.x.x.113 x.x.x.114
> x.x.x.115 x.x.x.116 x.x.x.117 x.x.x.118"
> 
> # The following load_balance_algorithms are available at the moment:
> #
> # "load", "round-robin", "random"
> #
> # For "load" you need a script called nxcheckload in PATH_BIN.
> # 
> # A sample script, which you can change to your needs it shipped with
> # FreeNX under the name nxcheckload.sample.
> 
> LOAD_BALANCE_ALGORITHM="load"
> 

<snip>

On the master things looks ok, only that you have chosen to use "load"
as algorithm, which I would have waited with until I had "random"
working.

> 
>      node:
> 
> # node.conf

<snip>

> ENABLE_SERVER_FORWARD="1"
> SERVER_FORWARD_HOST="x.x.x.100"
> SERVER_FORWARD_PORT=22
> SERVER_FORWARD_KEY="/etc/nxserver/client.id_dsa.key"
> 

This I don't understand - why have you the nodes configured to send the
sessions _back_ to the master host? The forwarding directive, IIRC, can
be used to forward a session to a server behind the one facing the
users, and should not be used in this setup - at least not on the hosts
behind the master...

I haven't gotten around to test this setup myself yet, but I have gotten
in some servers I was hoping to try this setup on when time is
available. That means that my recommendations here are not tested, just
tips according to my understanding of things...

Hope this works out and that you reply with the solution to this setup
when it's working :-)

Regards,

Terje

More information about the FreeNX-kNX mailing list