[X2Go-Dev] x2go connection timeout
eastasia
eastasiax at 163.com
Tue Jul 19 04:34:02 CEST 2016
Hi, dear devs,
The x2go server is installed on Gentoo. Without a firewall (iptables), it
works well. If I bring iptables up with some rules, the client cannot
connect to the server; the connection times out. So the question is: which
port or port range should I open to make it work? I searched on the web,
but found no proper references.
Here are my rules; please help me out. Thanks.
"rules.sh"
#!/bin/bash
# vars
IPT=/sbin/iptables
# Flush old rules, old custom tables
echo " * flushing old rules"
$IPT --flush
$IPT --delete-chain
# Set default policies for all three default chains
echo " * setting default policies"
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
# Allow established and related packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Open the following ports
echo " * allowing ssh on port 22"
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
# for x2go client connecting to x2go server
iptables -A INPUT -p tcp --dport 49 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 49 -j ACCEPT
iptables -A INPUT -p tcp --dport 50 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 50 -j ACCEPT
iptables -A INPUT -p tcp --sport 30000 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 30000 -j ACCEPT
iptables -A INPUT -p tcp --sport 30001 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 30001 -j ACCEPT
iptables -A INPUT -p tcp --sport 6050 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 6050 -j ACCEPT
iptables -A INPUT -p tcp --dport 31000:31010 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 31000:31010 -j ACCEPT
iptables -A INPUT -p tcp --dport 57400:57600 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 57400:57600 -j ACCEPT
echo " * allowing ftp on port 21"
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
echo " * allowing http on port 80"
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
echo " * allowing https on port 443"
$IPT -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
echo " * allowing ping responses"
$IPT -A INPUT -p ICMP --icmp-type 8 -j ACCEPT
# DROP everything else and Log it
$IPT -A INPUT -j LOG
$IPT -A INPUT -j DROP
#
# Save settings
#
echo " * saving settings"
/etc/init.d/iptables save
yadong