# X11 Forwarding Tutorial



## Lego (Nov 22, 2009)

Does anyone Have a walkthrough On how to use/setup X11Forwarding?

I've been doing a little searching and the best thing I can find is this: http://w140.com/kurt/xauth.html

I don't understand what he means when he says in the jail? I've tried a couple different options and other pages but I've not had much luck These are my config files:
sshd_config(Everything Is Completely Default Except the Match user spot its not really question marks) :

```
# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
DenyGroups deniedssh
IgnoreRhosts yes
Banner /root/sshmessage.txt
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
UsePrivilegeSeparation yes
#X11Forwarding yes
#X11UseLocalhost no

# Example of overriding settings on a per-user basis
Match User ?????
        X11Forwarding yes
        X11UseLocalhost no
        AllowTcpForwarding yes
#       ForceCommand cvs server
```

I have checked the enable X11 Forwarding in the putty configuration, but I don't know what to put 'X Display Location' textbox. I have restarted sshd



```
blurr-ink# startx
xauth:  creating new authority file /root/.serverauth.1423


X.Org X Server 1.4.2
Release Date: 11 June 2008
X Protocol Version 11, Revision 0
Build Operating System: FreeBSD 7.1-PRERELEASE i386
Current Operating System: FreeBSD blurr-ink.com 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Thu Jan  1 14:37:25 UTC 
2009     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys
/GENERIC i386
Build Date: 08 September 2008  12:37:00PM

        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sat Nov 21 19:36:56 2009
(==) Using config file: "/root/xorg.conf"
(II) Module "ddc" already built-in
(II) Module "i2c" already built-in
(EE) intel(0): No valid modes.
(EE) Screen(s) found, but none have a usable configuration.

Fatal server error:
no screens found
XIO:  fatal IO error 53 (Software caused connection abort) on X server ":0.0"
      after 0 requests (0 known processed) with 0 events remaining.
blurr-ink#
```

And I get this for KDM:

```
$ kdm
Updating KDM configuration
/libexec/ld-elf.so.1: Shared object "libjpeg.so.9" not found, required by "genkdmconf"
/libexec/ld-elf.so.1: Shared object "libjpeg.so.9" not found, required by "kdm-bin"
$
```

I get the same results if I su first.  Any Advice would be grateful.


----------



## Lego (Nov 22, 2009)

Ok, http://forums.freebsd.org/showthread.php?t=7615, on that page the person says to just link 9 to 10 like this:

```
ln -s /usr/local/lib/libjpeg.so.10 /usr/local/lib/libjpeg.so.9
```

So I did that, and tried to startx again, and received the exact same error, and when trying kdm got this:

```
blurr-ink# kdm
Updating KDM configuration
Information: reading current kdmrc /usr/local/share/config/kdm/kdmrc (from kde >= 2.2.x)
Information: current kdmrc is from kde >= 3.1 (config version 2.3)
blurr-ink#
```

Then Nothing Happens...


----------



## anomie (Nov 22, 2009)

@Lego: are you trying to fire up a full-on DE over X11? I'm not sure that is possible. 

If that's your intention, take a look at something like nx. (Actually, the net/nxserver port seems to be marked Ignore for the amd64 arch. FYI.) 

Otherwise, just launch the application you need directly, and that will get forwarded over X11. 

e.g.: `% xcalc`


----------



## phoenix (Nov 23, 2009)

Lego said:
			
		

> I have checked the enable X11 Forwarding in the *putty configuration*, but I don't know what to put 'X Display Location' textbox. I have restarted sshd



Have you installed an X server onto your Windows box (PuTTY is a Windows app)?  If not, you cannot use X11 forwarding, as there is no X server to display anything.


----------



## DutchDaemon (Nov 23, 2009)

I must be running a Windows ports tree! security/putty


----------



## Lego (Nov 23, 2009)

okay, Um yes I'm trying to get a full blown KDE desktop through X.  or even a properly working Fluxbox, something that will let me use konsole/firefox/file browser(this being the most important), anything. 

I have tried tightvnc server on my bsd box, with the tightvnc viewer installed on my windows box. Problem was KDE/GNOME and all those wouldn't work, ONLY fluxbox/twm would load properly, and even then I couldn't open a konsole/firefox/file browser/anything not x (meaning xclock/xcalc/etc), nothing.

Maybe I'm not understanding what exactly x11 forwarding is.... 

but I want to be able to (from my windows box) open putty connect to my server, and startx or kde (preferably kde), and see it on my windows box...in my putty window


----------



## Lego (Nov 23, 2009)

http://www.freebsddiary.org/tightvnc.php thats the link I used for setting up tightvnc, and when you make the change like he says to do to make twm replaced KDE it doesn't work... you get twm with no borders and bars...

http://forums.freebsd.org/showthread.php?t=7472 that is my previous thread about tightvnc

phoenix, so I need something else installed in my windows box? not just putty?


----------



## mickey (Nov 23, 2009)

Lego said:
			
		

> Maybe I'm not understanding what exactly x11 forwarding is....
> 
> but I want to be able to (from my windows box) open putty connect to my server, and startx or kde (preferably kde), and see it on my windows box...in my putty window



I'm afraid that will not quite work as you expect it to. For anything to be displayed on your windows box, you need to install an X server on it, to which remote X applications then will forward their display.

Try installing Cygwin/X on your windows box. This will get you an X server. Then you may either forward single applications to your X display, or open up a full X session, provided you have some XDMCP capable display manager running on the FreeBSD box, like xdm, gdm or kdm(?).


----------



## Lego (Nov 23, 2009)

I have gnome2/kde3.5/kde4/twm/fluxbox and one more installed I believe, I'm installing cygwin/X on my windows box now, I have so many installed on my BSD box from when I was trying to get tightvnc to work with anything other then twm....  So after this installs, where do I go from there??


----------



## mickey (Nov 23, 2009)

Lego said:
			
		

> So after this installs, where do I go from there??



After installing Cygwin/X you should find a Cygwin Icon on your desktop, which will open up a shell window. For a start you might try the following:


in the cygwin shell window, enter _X_. This will start a local X server on windows. You should see a fullscreen window with the well known gray background.
Assuming you have already setup and saved a putty session, for connecting to your FreeBSD box, load the session from the session menu, navigate the tree to Connection->SSH->X11.  Check the _Enable X11 forwarding_ checkbox, and enter into the _X display location_ field: ":0.0". Now click the _Open_ button, to open the session.
Log into your FreeBSD box, using your password/passphrase/whatever.
Now logged into your remote FreeBSD box, try to start some X application, like xterm for example. You should see the applications window appearing on your cygwin/X window.
You will notice, that the window of the remote application, that appears on your windows display, will not have any decorations, or handles, as there is no local window manager running.

This is only a simple test case, where an application forwards it's display to a remote X server, by tunneling it through SSH.

For a workable more advanced setup, you will probably need to setup XDMCP, meaning you will have to configure xdm/gdm/kdm, or whichever display manager you are using on your FreeBSD box, to listen for and allow XDMCP requests from the remote windows machine.

Then you would use someting like _X -query <hostname>_ on cygwin, to open an XDMCP session to your remote display manager.


----------



## phoenix (Nov 23, 2009)

DutchDaemon said:
			
		

> I must be running a Windows ports tree! security/putty



Cool, didn't know it was available for non-Windows.  Don't know why anyone would run it on a non-Windows box, considering every Unix-like system out there comes with OpenSSH.


----------



## MissileSilo (Nov 23, 2009)

phoenix said:
			
		

> Cool, didn't know it was available for non-Windows.  Don't know why anyone would run it on a non-Windows box, considering every Unix-like system out there comes with OpenSSH.



From http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html

A.3.3 What's the point of the Unix port? Unix has OpenSSH.

All sorts of little things. pterm is directly useful to anyone who prefers PuTTY's terminal emulation to xterm's, which at least some people do. Unix Plink has apparently found a niche among people who find the complexity of OpenSSL makes OpenSSH hard to install (and who don't mind Plink not having as many features). Some users want to generate a large number of SSH keys on Unix and then copy them all into PuTTY, and the Unix PuTTYgen should allow them to automate that conversion process.

There were development advantages as well; porting PuTTY to Unix was a valuable path-finding effort for other future ports, and also allowed us to use the excellent Linux tool Valgrind to help with debugging, which has already improved PuTTY's stability on all platforms.

However, if you're a Unix user and you can see no reason to switch from OpenSSH to PuTTY/Plink, then you're probably right. We don't expect our Unix port to be the right thing for everybody.


----------



## Lego (Nov 23, 2009)

Okay mickey, The installation has finished, and yes after opening the Cygwin shortcut from the desktop I did get a shell window, but X does not work. Also how do I change it from Bash to tsch or which ever is the default for a BSD install. I prefer that shell.
This is what I get:


```
L3G0@L3G0-PC ~
$ x
bash: x: command not found

L3G0@L3G0-PC ~
$ X
bash: X: command not found

L3G0@L3G0-PC ~
$ startx
bash: startx: command not found
```

Also, I cannot find the startxwin.bat file anywhere... I Think I may have mucked the install, so I'm re-installing, and selecting all->install instead of default....

And I have been reading through the user guide http://x.cygwin.com/docs/ug/using.html


----------



## Lego (Nov 23, 2009)

Ok installation of Everything is done, and this time when I opened Cygwin and `# X` It opened the New Window and As you said The Normal Test Gray Full Screen.  Closed all the windows, opened cygwin again, `# startx`, Opened putty and connected, put password in and tried a couple x apps:






Startx opened the Login Terminal and Xterm and Clock. No commands I put into putty worked as you can see. Im missing something. 

LOL what?


----------



## mickey (Nov 24, 2009)

From the screenshot, I take it, you are running Vista or Windows 7?
Which version of cygwin/X did you download? Maybe you should try to get the latest 1.7 beta.
Recently there has been another problem with X authentication with the older cygwin release, that does not seem to appear on W2k/XP.

As for tcsh:

Start cygwin setup program
Select tcsh from the shells subtree
Install
Voila


----------



## Lego (Nov 24, 2009)

Yes, Windows 7, Love it! way better then vista.  I installed all the shells from the setup app... I did a install ALL for everything.  As for the version I downloaded, http://x.cygwin.com/ scroll to the very bottom under downloading and Installing and clicked the very first setup.exe link.  What ports do I need forwarded? Because I'm not running ssh on default port 22.  So that would clash wouldn't it?


----------



## Zare (Nov 24, 2009)

Do you have ForwardX11Trusted entry in your sshd_config?


----------



## Lego (Nov 24, 2009)

hmm nope haven't seen anything on any info sites about that, and I haven't added or heard of it, so what do I put in my sshd_config:

```
ForwardX11Trusted yes
```

??

ADDED: nope I'm wrong.....lol not suprised 

```
blurr-ink# /etc/rc.d/sshd stop
Stopping sshd.
blurr-ink# /etc/rc.d/sshd start
Starting sshd.
/etc/ssh/sshd_config: line 134: Bad configuration option: ForwardX11Trusted
/etc/ssh/sshd_config: terminating, 1 bad configuration options
blurr-ink#
```


----------



## Lego (Nov 24, 2009)

This is my sshd_config:

```
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
#       $FreeBSD: src/crypto/openssh/sshd_config,v 1.47.2.2.2.1 2008/11/25 02:59:29 kensmith Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#VersionAddendum FreeBSD-20080901

Port ?????
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
#PasswordAuthentication no
#PermitEmptyPasswords no

# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/sftp-server
DenyGroups deniedssh
IgnoreRhosts yes
Banner /root/sshmessage.txt
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
UsePrivilegeSeparation yes
X11Forwarding yes
X11UseLocalhost no
AllowTcpForwarding yes
ForwardX11Trusted yes

# Example of overriding settings on a per-user basis
Match User ????????
       X11Forwarding yes
       X11UseLocalhost no
       AllowTcpForwarding yes
#       ForceCommand cvs server
```

How exactly does putty (on my windows box) give the command to my BSD box, and then the BSD box passing that information to the Cygwin (on my windows box)... Without any configuring BSD to talk to cygwin or even for putty to talk to cygwin.

Like say I have cygwin open(used startx), then I open putty (both on my windows box), log into my BSD box with putty, and use the command xcalc.  So my BSD box would normally open the xcalc on my bsd box monitor(which doesn't actually exist).  But because we have X11 in putty set to forward x11 and sshd_config to forward x11, don't we need to configure some sort of connection between the putty and cygwin running on my windows machine or between my bsd box, and cygwin running in windows??? .... Not sure if that all makes sense, but it seems to me like I'm missing some configuration.....


----------



## Lego (Nov 24, 2009)

Ok I just tried something for poops and giggles....

opened cygwin `$ startx`, and from the xterm `$ ssh [email=?????@blurr-ink.com]?????@blurr-ink.com[/email]`, and then from the xterm in cygwin, tried to start xcalc and got this error:

```
blurr-ink# xcalc
Error: Can't open display
Blurr-ink#
```

Also when I just closed my cygwin window (twm), it said are you sure you want to close this connection and there was 6 clients connected...... very odd....


----------



## mickey (Nov 24, 2009)

I don't think there's anything wrong with your SSH X11 forwarding. Looking at the output in your screenshot, the messages seem to indicate that there's something wrong with X authentication. Also they indicate, that SSH has correctly setup a tunnel for X11 forwarding and has setup the DISPLAY environment accordingly.

You should deinstall cygwin, and get the 1.7 beta setup.exe here: http://cygwin.com/#beta-test

Chances are, that this problem then simply vanishes.


----------



## Lego (Nov 24, 2009)

will do. trying it now... I'll get back to ya


----------



## Lego (Nov 24, 2009)

Ok I've finished installing the new beta version, same result:





So How or Why is this authentication error happening & how do you suggest I try to fix it?


----------



## mickey (Nov 24, 2009)

Now that I see it in the screenshot... you used _startx_ to bring up the X server on your windows machine. Try using _X_ instead.

I guess the problem is simply that your FreeBSD box is not authorized to make a connection to your windows X display, when you use startx to bring it up.

Another possibility is to disable access control for your cygwin/X display, by issuing the following command in one of the xterms that pop up when using startx to bring up cygwin:

```
xhost +
```


----------



## Lego (Nov 25, 2009)

Ok I will give that stuff a try, Now I did some more research and found this: http://www.karlrunge.com/x11vnc/  Now I installed it, and started it with `# x11vnc -find` and got this as a result:


```
24/11/2009 19:14:59 x11vnc version: 0.9.6 lastmod: 2008-12-08
24/11/2009 19:14:59 wait_for_client: WAIT:cmd=FINDDISPLAY
24/11/2009 19:14:59 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/2560
24/11/2009 19:14:59
24/11/2009 19:14:59 Autoprobing TCP port
24/11/2009 19:14:59 Autoprobing selected port 5900

The VNC desktop is:      blurr-ink.com:0
PORT=5900
```

when I opened TightVNC viewer to connect I got this (in the putty shell that I used to -find, basically right below it....):

```
24/11/2009 19:16:44 Got connection from client 216.8.133.228
24/11/2009 19:16:44   other clients:
24/11/2009 19:16:44 wait_for_client: got client
24/11/2009 19:16:44 wait_for_client: running: env X11VNC_SKIP_DISPLAY=''  /bin/sh /tmp/x11vnc-find_display.xlSsBc
xauth:  creating new authority file /var/lib/kdm/A:0-crWk72
24/11/2009 19:16:45 wait_for_client: find display cmd failed
24/11/2009 19:16:45 wait_for_client: bad reply '
'
blurr-ink#
```


----------



## mickey (Nov 25, 2009)

I might be wrong, but VNC is probably not what you want. You have to understand, that there are subtle differences in how both solutions work.

A solution like VNC requires that on the server there is a desktop environment of some sort running locally, which you can then access remotely. This is in essence, copying the screen contents from monitor A to monitor B, and sending the mouse position to the server. In the windows world, this might make some sense, as there is no windows without a graphical desktop, even on so called servers 

With X11 forwarding, each X application running on the server, displays on a remote display. There is no need for a graphical display on the server side, it could even be headless with just a serial console attached. It doesn't even need to have an X server installed. And there can be multiple users, working on remote displays, all using the same server for running the actual applications.


----------



## Lego (Nov 25, 2009)

I do understand that, and your right I want true forwarding and not VNC but i thought I would try it....(at this point though i will take what I can get... as long as i dont' have to do every single thing in a xterm/terminal), in fact that brings me to my next question.... Because I don't have a monitor/keyboard/mouse hooked up to my server but I do have an xserver/kde/gnome2/twm/fluxbox and all that stuff installed and works if I hook a monitor/keyboard/mouse up.

If hook a monitor/keyboard/mouse up to my server I MUST `$ su` before I can `# startx` or `# kdm`.  It would never let me start either as a normal user, is that possibly what is causing the issue here?


----------



## mickey (Nov 25, 2009)

Lego said:
			
		

> I do understand that, and your right I want true forwarding and not VNC but i thought I would try it....(at this point though i will take what I can get... as long as i dont' have to do every single thing in a xterm/terminal), in fact that brings me to my next question....



As I said earlier, bringing up some xterm on your windows X display is only a test, to verify that X11 forwarding between the two machines works in general. To get the real thing (tm), you will probably want to setup some display manager, to get a full graphical login, session management, and all the other good stuff.

If you are going to use KDE, then kdm would be the program of choice. A quick google suggests, that XDMCP configuration of kdm is quite similar to that of xdm, which I have been using quite a while. So why not give it a try?



			
				Lego said:
			
		

> If hook a monitor/keyboard/mouse up to my server I MUST `$ su` before I can `# startx` or `# kdm`.  It would never let me start either as a normal user, is that possibly what is causing the issue here?



I don't think so. Did you by chance uncheck the _Install X server setuid_ config option, when installing the Xorg server port? That could explain such behaviour, but should be irrelevant as it only matters when using _startx_. Any display manager (xdm, gdm, kdm, ...) should take care of starting the X server with a privileged uid. The other thing is, you don't need an X server running on that machine, when you are going to access it via a remote display.


----------



## Lego (Nov 25, 2009)

No Default install of Freebsd 7.1-R and install X and all sources option... 

And If I can't even get xcalc(or an xterm for that matter)  to boot in twm/X why try kdm... something is definitely wrong....   I just don't see the reason to try and get kdm to boot when I can't even get any x application to run remotely....

Okay so I have tried using just X now and still I'm getting the same errors...
I'm getting very frustrated, why is it doing this to me..... I've tried a bunch of different little things i found on other sites... nothing works All I keep getting is the refused by server error , authentication error.... I even just tried to use Xming, Same result...

Okay So I click the Cygwin shortcut from the desktop it opens the terminal, I type X and hit enter and it opens the X server (big grey background), then I open putty and connect to the blurr-ink server.... is that the right order??

Another thing why does it say refused  by 'blurr-ink.com:10.0' shouldn't it say blurr-ink.com:0.0 ???


----------



## mickey (Nov 25, 2009)

Lego said:
			
		

> Okay So I click the Cygwin shortcut from the desktop it opens the terminal, I type X and hit enter and it opens the X server (big grey background), then I open putty and connect to the blurr-ink server.... is that the right order??


It is.


			
				Lego said:
			
		

> Another thing why does it say refused  by 'blurr-ink.com:10.0' shouldn't it say blurr-ink.com:0.0 ???



Actually neither. It is supposed to say something like _'localhost:10.0'_.

What is in your _/etc/hosts_ file?


----------



## Lego (Nov 25, 2009)

/etc/hosts:

```
::1             localhost blurr-ink.com
127.0.0.1       localhost blurr-ink.com
192.168.0.194   localhost blurr-ink.com
```

it has other stuff.... obviously, but this is the only un-hashed stuff..

Okay, I did a little more research, and I guess I have those wrong.... They might still be wrong but this is what I changed them too....


```
::1             localhost.blurr-ink.com localhost
127.0.0.1       localhost.blurr-ink.com localhost
192.168.0.194   localhost.blurr-ink.com localhost
```

Now when I open the X server then putty, instead of getting the refused connections it just does nothing.....


----------



## Lego (Nov 25, 2009)

OPPSSS!!!!

okay it didn't work:

```
blurr-ink# xcalc
Error: Can't open display: blurr-ink.com:10.0
blurr-ink#
```

But atleast we aren't getting the connection error, and authentication error anymore :S


----------



## Lego (Nov 26, 2009)

Well I fixed it.... Mostly, Not sure Which thing did it but I'll list what I've done.

Installed Cygwin 4 times....LOL yes I was having some issues.... because there is issues if you mess up half way through, so I have on my windows box c: \cygwin1 through c: \cygwin4 (and c: \cygwin download files\1 through 4).... LOL 1&3 are stable version 2&4 are 1.7, 4 is the working version, During the Install when you select the apps to install I selected ALL -> Install not default. Also, Im having issues getting the old versions out.... the setup app doesn't remove the files properly when you change it to Uninstall.... and I just did a right-click delete on cygwin1 which deleted all the files except a "C: \cygwin\dev\nul" file which gives me an error message popup stating:

```
Invalid MS-DOS function.
nul
Type:file
Size:0bytes
date modified:etc...
Try again, cancel
```
try again fails every time....

Anyway, Back to BSD:
Changed /etc/ssh/sshd_config to:

```
DenyGroups deniedssh
IgnoreRhosts yes
Banner /root/sshmessage.txt
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication yes
UsePrivilegeSeparation yes
GatewayPorts yes
KeepAlive yes
AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes
```

Changed /etc/ssh/ssh_config to:

```
Host L3G0@L3G0-PC (this is my cygwin shell host name I guess)
	ForwardX11 yes
	ForwardAgent yes
	StrictHostKeyChecking ask
```

Changed /etc/hosts to:

```
::1             localhost.blurr-ink.com localhost
127.0.0.1       localhost.blurr-ink.com localhost
192.168.0.194   localhost.blurr-ink.com localhost
```

That is the only way it would work for me Not sure why. I was under the impression that the word following localhost.blurr-ink.com was a nickname for the server, but thats the only way it would work for me.

So I reboot the bsd box, open cygwin and `$ sh /usr/bin/startxwin.sh`, open putty log in and it works.. xcalc konqueror, minesweeper all worked... firefox doesn't want to open but Epiphany browser works fine.  Um weird thing with konqueror I can use it to navigate/open files but if i try to open a web page with it, it closes....

So Anyway, I can Log in and it works now, But How do I use root? cuz to install apps or change stuff, I need to be root. When I su'd to root in the putty window then tried to open something it gave the same error as before:

```
blurr-ink# xcalc
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
Error: Can't open display: localhost:10.0
blurr-ink#
```


----------



## mickey (Nov 26, 2009)

Lego said:
			
		

> Well I fixed it.... Mostly, Not sure Which thing did it but I'll list what I've done.


Congratulations.


			
				Lego said:
			
		

> Changed /etc/ssh/sshd_config to ...


Um, how is it now different than before?



			
				Lego said:
			
		

> Changed /etc/hosts to:
> 
> ```
> ::1             localhost.blurr-ink.com localhost
> ...



To be honest, I never changed /etc/hosts from the default, that gets installed with FreeBSD. The hostname gets set in /etc/rc.conf, and for everything else, I have an operable DNS server 



			
				Lego said:
			
		

> So I reboot the bsd box, open cygwin and `$ sh /usr/bin/startxwin.sh`, open putty log in and it works.. xcalc konqueror, minesweeper all worked... firefox doesn't want to open but Epiphany browser works fine.  Um weird thing with konqueror I can use it to navigate/open files but if i try to open a web page with it, it closes....



I guess web browsers are a beast of it's own kind. Personally I use firefox only. Started epiphany one time, had a short look, case closed.

Maybe these days, I will find the time, to install cygwin on another machine, so I could test it against my workstation, while it is running FreeBSD. Then I could tell you how well firefox works for me over X11 forwarding. My server has only very basic X stuff installed. So, no browsers, no Gnome, ...



			
				Lego said:
			
		

> So Anyway, I can Log in and it works now, But How do I use root? cuz to install apps or change stuff, I need to be root. When I su'd to root in the putty window then tried to open something it gave the same error as before:
> 
> ```
> blurr-ink# xcalc
> ...


Not sure, how the SSH tunneled X11 forwarding reacts to a change of the UID. But what happens, if you start an xterm from your putty login, and use _su_ within that xterm instead?


----------



## Lego (Nov 26, 2009)

Well the sshd_config and ssh_config, I toasted, and used webmin to generate new files for both.

LOL, well as for the hosts file, You asked so I told, Then believed something was wrong with it.... Which resulted in about 15 different configurations until I got this one working 

As for the Firefox thing, If I hook the monitor/keyboard/mouse up firefox/kde/gnome2 all works fine, I'm wondering if its the base memory for cygwin causing the firefox to crash, its a more resource heavy browser compared to Epiphany.  My Server was doubling as a Work Station/Server when I was at my old apartment... bigger desk room for 2 monitors/keyboards/mice; its been a server only since I moved...much smaller apartment/desk.

I tried using the putty to open an xterm then su, Same Error. But I found a work around... I had changed my port back default as so I could eliminate that as and issue, and well overnight I had a crazy amount of hack attempts.... so sshguard is not working again ARGH!!!! But back to the point, I had root logins disabled, but I again changed my Port to a very obscure port and enabled root logins again, and If I log in as root with putty it allows me to use the xapps as root. problem solved!

I've done a few google searches like you suggested to use KDM instead of startx or just X, and everything talks about XDMCP or something, but Configuring for it all seems to be related to mandrake, linux, ubuntu, etc... so How would I try and get that working on BSD?


----------



## mickey (Nov 27, 2009)

Lego said:
			
		

> Well the sshd_config and ssh_config, I toasted, and used webmin to generate new files for both.


*igh*



			
				Lego said:
			
		

> LOL, well as for the hosts file, You asked so I told, Then believed something was wrong with it.... Which resulted in about 15 different configurations until I got this one working


When it doesn't say 'localhost', where it is supposed to say 'localhost', this smells like something must be wrong with /etc/hosts :e
The comments in this file aren't very helpful either. And why would I want 'localhost.my.domain' ?



			
				Lego said:
			
		

> As for the Firefox thing, If I hook the monitor/keyboard/mouse up firefox/kde/gnome2 all works fine, I'm wondering if its the base memory for cygwin causing the firefox to crash, its a more resource heavy browser compared to Epiphany.



Sure, but it should run anyways. Does firefox give you some error message when it crashes?



			
				Lego said:
			
		

> I tried using the putty to open an xterm then su, Same Error. But I found a work around... I had changed my port back default as so I could eliminate that as and issue, and well overnight I had a crazy amount of hack attempts.... so sshguard is not working again ARGH!!!! But back to the point, I had root logins disabled, but I again changed my Port to a very obscure port and enabled root logins again, and If I log in as root with putty it allows me to use the xapps as root. problem solved!


By definition, you should not execute X apps as root anyway 



			
				Lego said:
			
		

> I've done a few google searches like you suggested to use KDM instead of startx or just X, and everything talks about XDMCP or something, but Configuring for it all seems to be related to mandrake, linux, ubuntu, etc... so How would I try and get that working on BSD?



For a start you need to locate, where kdm keeps the corresponding configuration files. What I found on kdm and XDMCP suggested, that these are similar in structure and contents to that of xdm, so I presume, these will be called Xservers, Xaccess, and probably some more like Xsession and a kdm configuration file.

If they copied that stuff from xdm, those files should be commented quite well.

What you want to do next is three things:

Comment out any X server line in the Xservers file, so that kdm will not start an X server on the local display.
Allow XDMCP access from your windows machine, by configuring the Xaccess file.
Make sure kdm will open and listen on the XDMCP port (177) at all.
Now you should be able to test, if it works. I guess kdm will also have some commandline flag, to not daemonize it, but run it in the foreground with debugging output enabled. For a test run, this would come in handy, so you can see whats happening on the server side.

On windows, start the cygwin shell as usual, then try to connect with [CMD=""]X -query <your_server_hostname>[/CMD].


----------



## Lego (Nov 27, 2009)

http://www.freebsd.org/doc/en/books/handbook/configtuning-configfiles.html I was looking at that... it uses localhost and localhost.my.domain... I simply copied that... mind you mine are backwards now that I think about it... but none the less I was following that.

LOL must have been a glitch.... Firefox is working fine now.

Yes, I know that you shouldn't run Xapps as root, but if you wanted to edit /etc/rc.conf or /etc/hosts or any system file, not to mention all my website files are owned by root.... you have 2 choices (as I see it) su and edit them in a putty window (ee), or open kedit as root and make my life easier. I dunno I always had to su before starting X or kdm when I had a monitor/keyboard/mouse hooked up to it anyway.. so that doesn't bother me.

Thanks for all the help, I'll try the XDMCP in the morning, gotta get some zZzz... good night.


----------



## mickey (Nov 27, 2009)

Lego said:
			
		

> http://www.freebsd.org/doc/en/books/handbook/configtuning-configfiles.html I was looking at that... it uses localhost and localhost.my.domain... I simply copied that... mind you mine are backwards now that I think about it... but none the less I was following that.


I always first edit the config files, and read the documentation later 



			
				Lego said:
			
		

> Yes, I know that you shouldn't run Xapps as root, but if you wanted to edit /etc/rc.conf or /etc/hosts or any system file, not to mention all my website files are owned by root.... you have 2 choices (as I see it) su and edit them in a putty window (ee), or open kedit as root and make my life easier.



You should see to it that you get used to a decent editor that runs in a terminal :e
Personally, I couldn't bear it, if I had to move my hands away from the keyboard, everytime an extra editor window opens *somewhere*.



			
				Lego said:
			
		

> Thanks for all the help, I'll try the XDMCP in the morning, gotta get some zZzz... good night.



np, keep me updated, how it works out.


----------



## Lego (Dec 4, 2009)

Okay, Sorry it's been so long since a response, but funny thing happened.. well not funny I'm extremely upset...

Landlord came to fix the stove well I was not home, and my girlfriend forgot to power down my computers... Well to make a long story short The CPU fan in my Server has been finicky lately and I've not had the time to change it.  So When the Landlord decided he'd flip every single breaker off in my apartment, he killed power to my server, and because my girlfriend didn't know I was having issues with my fan, she didn't know not to let the computer turn itself back on (see the fan ran fine it was the start up spin it was having trouble with).... So Basically my system overheated beeped a bunch and shut off..... I opened the Case and the Fan was completely dead now... I've still not had time to get to the store and buy a replacement and see if the overheating was fatal to the system, so I took my girlfriends computer (she doesn't use it anymore) and installed FreeBSD-8.0, and ALL the trimmings.

I was able to get:
freebsd 8.0
->xorg 7.4 & twm
->gnome2
ssh
->sshguard 1.4.4
bind
apache22
->php5
->php5-extensions
->awstats
->webalizer
->logrotate
mysql-client5
mysql-server5
sendmail
->imap-uw
->procmail
->p5-mail-SpamAssassin using Spamhaus reject list
->->spamass-milter
->clamav
->->clamav-milter
->Roundcube
proftpd
Webmin
Virtualmin

All Installed first shot all working 100% and I don't know if its just because a few of the programs (eg webmin/virtualmin/sshguard/spamassassin/procmail) are all newer versions and all work better together now, but DAMN! system is hot now! lol I have control over more options in webmin, virtualmin is working perfectly (it wasn't before), everything just pieced together perfectly!

Anyway, I just wanted to give you and Update Where I stood with the XDMCP, I have xforwarding working perfect I don't have to mess around anymore to get apps to work.  I've still not tried XDMCP as I've been more busy getting everything else up and running.  

But I intend to try it tomorrow.  But since I went the Gnome2 route instead of kde I'll be using gdm instead of kdm so will that pose a more troublesome route to get it working??

I just had a couple off topic questions, Where did all the Xapps go?? like xclock/xeyes

I installed awstats and the cron job setup (i presume correctly), and I have the Link to view those stats.. but how do I see the webalizer stats? ADDED: NEVERMIND! rescanned for usable modules...

1 last thing, will installing horde or squirrel mail conflict with roundcube in anyway? or can I install as many webmail clients as I want? for that matter anyone tried Usermin for webmail?


----------



## mickey (Dec 4, 2009)

Lego said:
			
		

> So Basically my system overheated beeped a bunch and shut off..... I opened the Case and the Fan was completely dead now... I've still not had time to get to the store and buy a replacement and see if the overheating was fatal to the system, ...


If the system has shut itself down, chances are it could still be operable.



			
				Lego said:
			
		

> All Installed first shot all working 100% and I don't know if its just because a few of the programs (eg webmin/virtualmin/sshguard/spamassassin/procmail) are all newer versions and all work better together now, but DAMN! system is hot now! lol I have control over more options in webmin, virtualmin is working perfectly (it wasn't before), everything just pieced together perfectly!


Yup, 8.0 is impressive as far as I can tell for now. I am still in the process of updating all my machines, and can't wait to play with the new wlan stuff 



			
				Lego said:
			
		

> But since I went the Gnome2 route instead of kde I'll be using gdm instead of kdm so will that pose a more troublesome route to get it working??



I guess not. Configuration is a bit different, but XDMCP is supported in gdm (although I never tried it).
The gdm daemon configuration file is located in /usr/local/etc/gdm/custom.conf. The relevant section for XDMCP is described here.



			
				Lego said:
			
		

> I just had a couple off topic questions, Where did all the Xapps go?? like xclock/xeyes


Those are all in the ports, so if you like them, you can install them from the ports. They are just not part of the xorg-apps port anymore. Guess things like xeyes were not considered necessary, to run a basic xorg install


----------



## DutchDaemon (Dec 4, 2009)

Roundcube and Squirrelmail can co-exist just fine, and can be used simultaneously. Don't know about Horde.


----------



## Lego (Dec 4, 2009)

I ended up installing Usermin, And I can't get XDMCP working.. and I constantly see people saying don't do it unless your absolutely need to... so I'm just going to be happy using normal xforwarding...


----------



## mickey (Dec 4, 2009)

There sure are some security considerations, one should keep in mind when using XDMCP, but there's nothing generally wrong with using it.

I got it working with gdm and am successfully logged in via XDMCP from my notebook. Here's what I have put into /usr/local/etc/gdm/custom.conf:


```
# GDM configuration storage

[xdmcp]

DisplaysPerHost=1
Enable=True
HonorIndirect=true
MaxPending=4
MaxSessions=4
MaxWait=30
MaxWaitIndirect=30
PingIntervalSeconds=15
Port=177
#Willing=/usr/local/etc/gdm/Xwilling

[chooser]

[security]

DisallowTCP=false

[debug]
```

At first I was having the issue, that gdm would not start when XDMCP was enabled, printing a message to the console like 'socket: hostname nor servername provided'. Recompiling gdm with the IPv6 option disabled seems to have solved this.


----------



## Lego (Dec 5, 2009)

Okay, I had the Exact same as what you have only I didn't have Willing Commented out, and I didn't have DisallowTCP=false under security.  I just made the changes to my files to reflect yours, and tried `$ X -query blurr-ink.com`.  I ended up with a big black screen with the x crosshair.  I received no errors on the console(server PC monitor) or in the cygwin terminal.  How do I recompile gdm without IPv6??

is port 177 the only port I need forwarded to my server?


----------



## mickey (Dec 5, 2009)

Lego said:
			
		

> Okay, I had the Exact same as what you have only I didn't have Willing Commented out, and I didn't have DisallowTCP=false under security.  I just made the changes to my files to reflect yours, and tried `$ X -query blurr-ink.com`.  I ended up with a big black screen with the x crosshair.  I received no errors on the console(server PC monitor) or in the cygwin terminal.  How do I recompile gdm without IPv6??



I guess you wont need to recompile gdm without IPv6, if it's starting up at all. The reason I had to do it seems to be, that I have no IPv6 support compiled into my (custom) kernel.

The Willing line is commented, cause that script doesn't actually exist, so it is pointless to have it in there, without actually creating the script. By default gdm uses something like the OS version for the willing message.

I presume the DisallowTCP should not really make a difference, as it only changes the way the _local_ X server is started.



			
				Lego said:
			
		

> is port 177 the only port I need forwarded to my server?



So I take it, you are passing that traffic through a router? You will probably also need these:

```
x11             6000/tcp   #6000-6063 are assigned to X Window System
x11             6000/udp
```

Be aware that you shouldn't do XDMCP over the internet without a protective layer, such as IPSEC wrapped around it, as XDMCP by itself does not employ encryption.


----------



## Lego (Dec 5, 2009)

okay those have been added same result


----------



## mickey (Dec 5, 2009)

Lego said:
			
		

> okay those have been added same result



mh, any chance to test whether it works from a client within the same LAN, i.e. no routers/firewalls in between?

I didn't have the chance to test it with cygwin yet. Client was FreeBSD 7.2 with Xorg over a wireless link. So the question is whether your firewall/router or cygwin cause the problem.


----------



## Lego (Dec 5, 2009)

well both computers I'm using are on the same network.  I have tried `$ X -query local.ip.address` from cygwin, same result, the first time the Black window opens I have no cross hair when it refreshes the connection I get the cross hair, and every time after, but that's it.

The Router is setup properly, I have all needed ports forwarded through the router to the server, and never really intended to you xdmcp over the internet, I always prefer staying local. even with ssh I rarely connect over the internet, I try to use local ips when ever possible


----------



## mickey (Dec 6, 2009)

I've set up a fresh install of cygwin/X on my notebook, running w2k. Configured gdm on my desktop to enable XDMCP, this time I left the DisallowTCP flag commented out, doesn't make any difference.

Result:









I wonder, what's going wrong in your setup.

BTW: The connection goes over a wireless link through my router, I do no port forwarding though.

How did you set up your port forwarding? Looking at the output of [cmd=""]netstat -a -f inet[/cmd], I see a bunch of tcp connections, originating on random ports of the server machine, destined to port 6000 on the cygwin client machine.


----------



## Lego (Dec 6, 2009)

okay, my port forwarding is set up the only way I know how to.  Choose the port number (obvious), choose the type (tcp/udp/both), choose where you want it to go (local.ip.of.server).


----------



## mickey (Dec 6, 2009)

Lego said:
			
		

> okay, my port forwarding is set up the only way I know how to.  Choose the port number (obvious), choose the type (tcp/udp/both), choose where you want it to go (local.ip.of.server).



I am afraid in that case that will be the wrong direction. Actually it is the server, that initiates the connections to port 6000 of the client.


----------



## Lego (Dec 6, 2009)

okay, So what do I need to do? I don't need to use it over the internet, both computers are in the same local network.


----------



## mickey (Dec 6, 2009)

Lego said:
			
		

> okay, So what do I need to do? I don't need to use it over the internet, both computers are in the same local network.



Then why do you want/need to set up a port forwarding at all? Are both machines located within the same physical network segment, or is there a router between them?

On the windows machine, is there some sort of firewall active, that possibly prevents inbound connections for tcp port 6000 ?


----------



## Lego (Dec 6, 2009)

hmm... Well you know what, I never thought of that! Windows Firewall is active... Figures... I've already disabled the forwarded ports from the router. so no more internet access on those ports. I'll unblock that port and try again.

I don't know what you mean when you say "Are both machines located within the same physical network segment, or is there a router between them?"

The Network is setup on a router, internet access comes into the router, and then everything in the home is hooked up to that router, I have a switch in 1 other location with multiple items there as well... I hope that answers your question.


----------



## Lego (Dec 6, 2009)

So I turned Windows Firewall right off, and tried again, still nothing... this is getting frustrating...


----------



## mickey (Dec 6, 2009)

Lego said:
			
		

> I don't know what you mean when you say "Are both machines located within the same physical network segment, or is there a router between them?"



What I mean is, if they are connected to the same ethernet segment, i.e. connected to the same HUB/Switch, etc. But looking at your diagram, they obviously are not.



			
				Lego said:
			
		

> The Network is setup on a router, internet access comes into the router, and then everything in the home is hooked up to that router, I have a switch in 1 other location with multiple items there as well... I hope that answers your question.



Indeed. So it looks like your router has something like 4 network interfaces installed. I still do not understand fully, for what purpose you wanted to set up a port forwarding on your router, for connections, that do not leave your local network. Normally, you would use some reserved network blocks, like 192.168.X.X or 10.X.X.X for your internal network, and perform normal routing among the various physical segments, that comprise your network. Then you would use NAT/port forwarding on the boundary to the internet, to connect services provided by one of your local machines to the outside world.

Anyways, I think we can narrow it down to probably being a problem with your router. With the windows firewall deactivated, there should be nothing on this side, that blocks the inbound connections on the windows machine.

What kind of firewall are you using on your router, and how is it configured? Does it indicate any denied packets, when you try to run remote X? If you are familiar with tools like tcpdump or wireshark, you could probably use these on the router to see, if the connection requests and responses get through.


----------



## Lego (Dec 6, 2009)

mickey said:
			
		

> Indeed. So it looks like your router has something like 4 network interfaces installed. I still do not understand fully, for what purpose you wanted to set up a port forwarding on your router, for connections, that do not leave your local network. Normally, you would use some reserved network blocks, like 192.168.X.X or 10.X.X.X for your internal network, and perform normal routing among the various physical segments, that comprise your network. Then you would use NAT/port forwarding on the boundary to the internet, to connect services provided by one of your local machines to the outside world.



Exactly, all items on my network are given an address from the router, a 192.168.XX.XX address; the 5 port switch is literally just that, no options/no dhcp server.  I have only the ports needed on my server forwarded to my server (eg Port 80 for my webserver).  I did not realize that I did not need port 177 and 6000 forwarded if I was staying in the local network, I wasn't thinking...



			
				mickey said:
			
		

> Anyways, I think we can narrow it down to probably being a problem with your router. With the windows firewall deactivated, there should be nothing on this side, that blocks the inbound connections on the windows machine.
> 
> What kind of firewall are you using on your router, and how is it configured? Does it indicate any denied packets, when you try to run remote X? If you are familiar with tools like tcpdump or wireshark, you could probably use these on the router to see, if the connection requests and responses get through.



The Router is a DIR-655 with lots of bells and whistles I don't really care for or use, 90% of the setup is all Default.
The Firewall Options I have are as follows:

```
FIREWALL SETTINGS
-> SPI Enabled

NAT ENDPOINT FILTERING
-> UDP Endpoint Filtering: Address Restricted
-> TCP Endpoint Filtering: Port And Address Restricted

ANTI-SPOOF CHECKING
-> Disabled

DMZ HOST
-> Disabled

APPLICATION LEVEL GATEWAY (ALG) CONFIGURATION
-> PPTP enabled
-> IPSec (VPN) Enabled
-> RTSP Enabled
-> SIP enabled
```

The Nat Endpoint filtering options are:

```
Endpoint Independent
Address Restricted
Port And Address Restricted
```

The Router does not show any denied packets it doesn't really keep good records... which bothers me but what can you do.

I have not used tcpdump or wireshark


----------



## mickey (Dec 6, 2009)

Lego said:
			
		

> I have only the ports needed on my server forwarded to my server (eg Port 80 for my webserver).  I did not realize that I did not need port 177 and 6000 forwarded if I was staying in the local network, I wasn't thinking...


Ok, and I take it by saying "forwarded" this means "forwarded from the external address to the internal one". So internally between your FreeBSD server and the Windows PC, there should be no forwarding active or necessary.



			
				Lego said:
			
		

> The Router is a DIR-655 with lots of bells and whistles


I must admit, that I am rather clueless, when it comes to this thingy.



			
				Lego said:
			
		

> The Router does not show any denied packets it doesn't really keep good records... which bothers me but what can you do.
> 
> I have not used tcpdump or wireshark



As a starting point, you could have a look at the traffic on your FreeBSD server, while you are trying to connect to it from the windows box.

gdm with XDMCP enabled should be listening on udp port 177, which could be verified by [cmd=""]netstat -n -a -f inet -p udp | grep 177[/cmd]. So when you connect to your server (using X -query <server>), there should be some udp packets coming in to port 177, and corresponding response packets flowing back.

The other interesting thing to know are tcp connections from your FreeBSD server to port 6000 of the client machine. Or more importantly, whether the corresponding response packets get through your router from the windows machine to your server.

You could use something like [cmd=""]tcpdump host <windows-pc>[/cmd], to show all traffic originating from or destined to <windows-pc>. The output will show the source and destination addresses/ports, and a "<" or ">" in between, denoting the traffic direction.

If you see packets flowing from your FreeBSD server to your windows-pc on port 6000, but no corresponding response packets flowing back, this could indicate, two things:

The packets do not reach port 6000 on your windows machine.
The response packets, sent by your windows machine, do not reach your FreeBSD sever,


----------



## Lego (Dec 6, 2009)

mickey said:
			
		

> Ok, and I take it by saying "forwarded" this means "forwarded from the external address to the internal one". So internally between your FreeBSD server and the Windows PC, there should be no forwarding active or necessary.




What I mean is when somoene uses blurr-ink.com or my Routers External IP (my Internet IP) The IP my router is given from my ISP, The requests are passed right through the router directly to the server. I have nothing forwarded to my windows box. There is no forwarding setup between my bsd box and my windows box, locally or outside my network, if that's even possible.




			
				mickey said:
			
		

> As a starting point, you could have a look at the traffic on your FreeBSD server, while you are trying to connect to it from the windows box.
> 
> gdm with XDMCP enabled should be listening on udp port 177, which could be verified by [cmd=""]netstat -n -a -f inet -p udp | grep 177[/cmd]. So when you connect to your server (using X -query <server>), there should be some udp packets coming in to port 177, and corresponding response packets flowing back.



looks like its not listening:

```
blurr-ink# netstat -n -a -f inet -p udp | grep 177
blurr-ink#
```



			
				mickey said:
			
		

> The other interesting thing to know are tcp connections from your FreeBSD server to port 6000 of the client machine. Or more importantly, whether the corresponding response packets get through your router from the windows machine to your server.
> 
> You could use something like [cmd=""]tcpdump host <windows-pc>[/cmd], to show all traffic originating from or destined to <windows-pc>. The output will show the source and destination addresses/ports, and a "<" or ">" in between, denoting the traffic direction.



Okay, I used `# tcpdump host 192.168.XX.XX` on the server console(terminal? not in GDM) and had no ssh connection running to eliminate those. And I used `$ X -query 192.168.XX.XX` in my Cygwin window.



			
				mickey said:
			
		

> If you see packets flowing from your FreeBSD server to your windows-pc on port 6000, but no corresponding response packets flowing back, this could indicate, two things:
> 
> The packets do not reach port 6000 on your windows machine.
> The response packets, sent by your windows machine, do not reach your FreeBSD sever,



Nothing obviously since its not even listening...

```
blurr-ink# tcpdump host 192.168.0.196
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bfe0, link-type EN10MB (Ethernet), capture size 96 bytes
23:17:46.170563 ARP, Request who-has 192.168.0.196 (Broadcast) tell 192.168.0.1, length 46
23:18:04.655007 ARP, Request who-has 192.168.0.193 tell 192.168.0.196, length 46
23:18:04.655039 ARP, Reply 192.168.0.193 is-at 00:08:74:c4:41:9e (oui Unknown), length 28
23:18:04.655184 IP 192.168.0.196.62575 > 192.168.0.193.xdmcp: UDP, length 7
23:18:04.655274 IP 192.168.0.193 > 192.168.0.196: ICMP 192.168.0.193 udp port xdmcp unreachable, length 36
23:18:06.666313 IP 192.168.0.196.62575 > 192.168.0.193.xdmcp: UDP, length 7
23:18:06.666406 IP 192.168.0.193 > 192.168.0.196: ICMP 192.168.0.193 udp port xdmcp unreachable, length 36
23:18:10.675831 IP 192.168.0.196.62575 > 192.168.0.193.xdmcp: UDP, length 7
23:18:10.675923 IP 192.168.0.193 > 192.168.0.196: ICMP 192.168.0.193 udp port xdmcp unreachable, length 36
23:18:18.679101 IP 192.168.0.196.62575 > 192.168.0.193.xdmcp: UDP, length 7
23:18:18.679196 IP 192.168.0.193 > 192.168.0.196: ICMP 192.168.0.193 udp port xdmcp unreachable, length 36
23:18:34.685691 IP 192.168.0.196.62575 > 192.168.0.193.xdmcp: UDP, length 7
23:18:34.685783 IP 192.168.0.193 > 192.168.0.196: ICMP 192.168.0.193 udp port xdmcp unreachable, length 36
23:18:39.209898 ARP, Request who-has 192.168.0.193 (00:08:74:c4:41:9e (oui Unknown)) tell 192.168.0.196, length 46
23:18:39.209927 ARP, Reply 192.168.0.193 is-at 00:08:74:c4:41:9e (oui Unknown), length 28
23:18:46.170469 ARP, Request who-has 192.168.0.196 (Broadcast) tell 192.168.0.1, length 46
23:19:46.170538 ARP, Request who-has 192.168.0.196 (Broadcast) tell 192.168.0.1, length 46
^C
17 packets captured
1847 packets received by filter
0 packets dropped by kernel
blurr-ink#
```


----------



## mickey (Dec 7, 2009)

Lego said:
			
		

> What I mean is when somoene uses blurr-ink.com or my Routers External IP (my Internet IP) The IP my router is given from my ISP, The requests are passed right through the router directly to the server. I have nothing forwarded to my windows box. There is no forwarding setup between my bsd box and my windows box, locally or outside my network, if that's even possible.



d'accord



			
				Lego said:
			
		

> looks like its not listening:
> 
> ```
> blurr-ink# netstat -n -a -f inet -p udp | grep 177
> ...



Something's wrong here. It should look more like this:

```
root@gunhead pts/0 [~]: netstat -n -a -f inet -p udp | grep 177
udp4       0      0 *.177                  *.*
```
So we are back to gdm and it's configuration.

Which version of gdm is installed on this machine?
Was gdm running for certain, at the time you issued that netstat command?
What is in your /usr/local/etc/gdm/custom.conf file?
Did you restart gdm after making changes to /usr/local/etc/gdm/custom.conf?
Try manually stopping and then starting gdm:
[cmd=""]/usr/local/etc/rc.d/gdm stop[/cmd]
[cmd=""]/usr/local/etc/rc.d/gdm start[/cmd]
Look out for any warning/error messages, that may appear on the terminal or in /var/log/messages.


----------



## Lego (Dec 9, 2009)

Sorry it took so long to respond been busy lately.


```
blurr-ink# pkg_info|grep gdm
gdm-2.26.1_7        GNOME 2 version of xdm display manager
```


```
blurr-ink# /usr/local/etc/rc.d/gdm stop
Stopping gdm.
Waiting for PIDS: 14233.
blurr-ink# /usr/local/etc/rc.d/gdm start
Starting gdm.
blurr-ink# netstat -n -a -f inet -p udp | grep 177
blurr-ink#
```


```
# GDM configuration storage

[xdmcp]

DisplaysPerHost=2
Enable=True
HonorIndirect=true
MaxPending=4
MaxSessions=4
MaxWait=30
MaxWaitIndirect=30
PingIntervalSeconds=15
Port=177
#Willing=/usr/local/etc/gdm/Xwilling

[chooser]

[security]

DisallowTCP=false

[debug]
```

yes I restarted the computer before trying the first time, but just to be sure I followed the stop start to make sure... still no luck the only thing i see happening is when is stop then start gdm through putty, it starts gdm on the server monitor. I just restarted the computer once more. and tried again


```
blurr-ink# netstat -n -a -f inet -p udp | grep 177
blurr-ink# /usr/local/etc/rc.d/gdm start
Starting gdm.
blurr-ink#
** (gdm-binary:1563): WARNING **: Failed to acquire org.gnome.DisplayManager

** (gdm-binary:1563): WARNING **: Could not acquire name; bailing out

blurr-ink#
blurr-ink# netstat -n -a -f inet -p udp | grep 177
blurr-ink#
```

I get that error in the putty window, but gdm starts on the server monitor.... seems gdm refuses to listen for some reason....


----------



## Lego (Dec 9, 2009)

/var/log/messages

```
Dec  9 23:32:11 blurr-ink kernel: drm0: <Intel i845G GMCH> on vgapci0
Dec  9 23:32:11 blurr-ink kernel: vgapci0: child drm0 requested pci_enable_busmaster
Dec  9 23:32:11 blurr-ink kernel: info: [drm] AGP at 0xe0000000 128MB
Dec  9 23:32:11 blurr-ink kernel: info: [drm] Initialized i915 1.6.0 20080730
Dec  9 23:32:11 blurr-ink kernel: drm0: [ITHREAD]
Dec  9 23:32:14 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1379/mem
Dec  9 23:32:32 blurr-ink gnome-session[1498]: WARNING: Application 'metacity.desktop' failed to register before timeout
Dec  9 23:32:32 blurr-ink gdm-simple-greeter[1521]: WARNING: Failed to load '/share/xml/iso-codes/iso_639.xml': Failed to open file '/share/xml/iso-codes/iso_639.xml': No such file or directory
Dec  9 23:32:32 blurr-ink gdm-simple-greeter[1521]: WARNING: Failed to load '/share/xml/iso-codes/iso_3166.xml': Failed to open file '/share/xml/iso-codes/iso_3166.xml': No such file or directory
Dec  9 23:32:35 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1522/mem
Dec  9 23:32:36 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1521/mem
Dec  9 23:32:36 blurr-ink gdm-simple-greeter[1521]: WARNING: Unable to find users: no seat-id found
Dec  9 23:32:37 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1527/mem
Dec  9 23:32:37 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1527/mem
Dec  9 23:37:05 blurr-ink kernel: bfe0: promiscuous mode enabled
Dec  9 23:37:16 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1498/mem
Dec  9 23:37:16 blurr-ink gnome-session[1498]: WARNING: Unable to determine session: Unable to lookup session information for process '1498'
Dec  9 23:37:30 blurr-ink kernel: bfe0: promiscuous mode disabled
Dec  9 23:40:35 blurr-ink console-kit-daemon[1379]: WARNING: kvm_getenvv failed: cannot open /proc/1498/mem
Dec  9 23:40:35 blurr-ink gnome-session[1498]: WARNING: Unable to determine session: Unable to lookup session information for process '1498'
```


----------



## mickey (Dec 10, 2009)

I am using gdm 2.28.x, but there are no differences in the XDMCP configuration between those versions. But feel free to upgrade your Gnome to 2.28.

It seems there are some problems with your gdm. Please check for the following:

Make sure you have procfs mounted on /proc. Gnome needs this to function properly. If it's missing, add the following line to your /etc/fstab:

```
proc                    /proc           procfs  rw              0       0
```

Check that you have the following settings in your /etc/rc.conf:

```
avahi_daemon_enable="YES"
avahi_dnsconfd_enable="YES"
hald_enable="YES"
dbus_enable="YES"
gdm_enable="YES"
```
or alternatively, the following sets all of the above:

```
gnome_enable="YES"
```
Additionally you might need these, too:

```
polkitd_enable="YES"
system_tools_backends_enable="YES"
```


----------

