TCLUG Archive

Re: [TCLUG:19205] X Problem...



mjn wrote:
> 
> Issuing `startx' I get the following error:
> 
> _XSERVTransSocketINETCreateListener: ...SocketCreateListener() failed
> _XSERVTransMakeAllCOTSServerListeners: server already running
> 
> Fatal Server error:
> Cannot establish any listening sockets - Make sure an X server isn't
> already running
> 
> When reporting...
> 
> _X11TransSocketUNIXConnect: Can't connect: errno = 111
> giving up
> xinit: Connection refused (errno 111): unableto connect to X server
> xinit: No such process (errno 3): Server error.
> 
[snip]
> 
> I have configured IPchains and X was working properly with IPchains
> initially but I think that, given the error messages I am getting, it is
> the most likely culprit.  Does anyone have a sample config for IPchains
> rules which works successfully with X?

Well, you may not have excluded localhost from the blocking rules.  You
should try running `telnet localhost 6000' when you have an X server
running -- if it connects, the port is open, and you should look
elsewhere to fix the problem.

If the problem _is_ IPChains, you should probably look at the packet
counters to see where they are getting rejected.  The counters can be
seen by running `ipchains -L -v'

> What I thought should work was:
> 
> accept tcp from anywhere to localhost port 6000
> 
> I also tried:
> 
> accept tcp and udp from anywhere to localhost on ports 5999:6003
> 
> (Do I need a rule for xfs?)

I think xfs uses Unix sockets, but I can't remember off the top of my
head..

> I guess the query is twofold:  Is IPchains giving me this error?
> 
> and
> 
> What is the ideal setup for X ports in IPchains if X is only going to be
> used from the local machine and if it is going to be available to anyone?

I prefer to block ports that I know are open by creating a rule with a
command like

ipchains -I input -p tcp -s \! 127.0.0.1 --dport <port> -j REJECT

..instead of doing a total block of the input chain.

If you want, you can use this as a configuration file (load it with
something like `ipchains-restore < ipchains.conf'):

:input ACCEPT
:forward DENY
:output ACCEPT
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -j REJECT -l
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 143:143 -p 6 -j REJECT -l
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 515:515 -p 6 -j REJECT -l
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 6 -l -y
-A input -s ! 127.0.0.1/255.255.255.255 8:8 -d 0.0.0.0/0.0.0.0 -p 1 -l

(beware of line wrapping..)  It logs ICMP echo-requests, SYNs, and
blocks and logs SMTP, IMAP, and the port the printer daemon listens on.


random sidenote -- I saw today what may be a reason we write `daemon' in
Unix (but I'm probably wrong).  If you translate from German, or another
language with umlauts, it's customary to do `ae' instead of `ä'
(`&auml;' in HTML), `oe' instead of `ö', etc.  So, dämon -> daemon.

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Error: MentalPlex(tm) has 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   determined that this is  
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)  not your final answer. 
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@tc.umn.edu ]
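
The following is an added example, not part of the original message: a small Python model of how the input chain in the posted configuration file treats a packet, so the effect of the `! 127.0.0.1' source match can be checked for the X port and the blocked ports. The function names (parse, evaluate, in_range) and the remote address 192.0.2.10 are constructed for illustration, and only the options that appear in the posted file are handled.

```python
import ipaddress
# Rules from the message above with wrapped lines rejoined; the evaluator is an added sketch.
RULES = """\
:input ACCEPT
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -j REJECT -l
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 143:143 -p 6 -j REJECT -l
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 515:515 -p 6 -j REJECT -l
-A input -s ! 127.0.0.1/255.255.255.255 -d 0.0.0.0/0.0.0.0 -p 6 -l -y
-A input -s ! 127.0.0.1/255.255.255.255 8:8 -d 0.0.0.0/0.0.0.0 -p 1 -l
"""

def parse(text):  # -> (input chain policy, list of rule dicts)
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == [":input"]:
            policy = tok[1]
        if tok[:2] != ["-A", "input"]:
            continue
        r = {"neg": False, "src": ipaddress.ip_network("0.0.0.0/0"), "sport": None,
             "dport": None, "proto": None, "target": None, "log": "-l" in tok, "syn": "-y" in tok}
        for i, opt in enumerate(tok):
            arg = tok[i + 1:i + 4]  # up to three tokens following the option
            if opt in ("-s", "-d"):
                neg = arg[0] == "!"
                addr, *rest = arg[1:] if neg else arg
                # optional port range after the address (ICMP type when given with -s)
                ports = [int(p) for p in rest[0].split(":")] if rest and rest[0][0].isdigit() else None
                if opt == "-s":
                    r.update(neg=neg, src=ipaddress.ip_network(addr), sport=ports)
                else:
                    r["dport"] = ports  # destination address is 0/0 in every rule here
            elif opt in ("-p", "-j"):
                r["proto" if opt == "-p" else "target"] = arg[0]
        rules.append(r)
    return policy, rules

def in_range(rng, value):
    return rng is None or (value is not None and rng[0] <= value <= rng[-1])
def evaluate(policy, rules, src, proto, dport=None, sport=None, syn=False):
    """Return (verdict, logged); for ICMP, ipchains keeps the type in the source port."""
    logged = False
    for r in rules:
        src_ok = (ipaddress.ip_address(src) in r["src"]) != r["neg"]  # '!' inverts the match
        if (src_ok and r["proto"] in (None, str(proto)) and (syn or not r["syn"])
                and in_range(r["sport"], sport) and in_range(r["dport"], dport)):
            logged = logged or r["log"]
            if r["target"]:  # a rule without -j only counts/logs, then falls through
                return r["target"], logged
    return policy, logged
```

Calling evaluate(*parse(RULES), "192.0.2.10", 6, dport=6000, syn=True) returns ('ACCEPT', True): the posted file only logs a remote connection attempt to the X port. Keeping X local-only still needs the REJECT rule from the message with 6000 as <port>.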