D&C GLug - Home Page


Re: [LUG] Firestarter on Debian

 

On Wed, 10 Nov 2010, Henry Bremridge wrote:

I have turned my old computer into a server. It is currently running
firestarter as a firewall. Unfortunately I no longer have the monitor.

Question: does anyone know how I can access firestarter over an SSH connection
to change the settings so that my wife can access it?

http://www.fs-security.com/docs/introduction.php

states "Firestarter can be installed onto individual servers and managed
graphically over SSH or using the shell. "

If I log in over SSH and then try and start the gui my error message is
   X11 connection rejected because of wrong authentication.
   Gtk-WARNING **: cannot open display: localhost:10.0

Sometimes I think it's easier to just maintain a shell-script...

(which is what I do)


What's happening in your instance is that either your ssh session is not setting up the right tunnel for X, or the X server on your own PC is not configured to allow remote connections, or something else.

It used to be easy to view the output of X programs on another terminal, but then people added security... ;-)

So starting with the basics - you need your local PC to be set up so that when you ssh to another machine it creates the ssh tunnel to pass X data back over... However, since you're getting the display set to "localhost:10.0" it's probably working, however to check:

On your local PC, look at /etc/ssh/ssh_config

Look for lines containing

  ForwardX11 yes
  ForwardX11Trusted yes

Then on the remote, look at /etc/ssh/sshd_config (not sshd here) and look for:

  X11Forwarding yes
  X11DisplayOffset 10

Restart sshd if needed (/etc/init.d/sshd restart), then log out and log in again.

Check $DISPLAY:

  echo $DISPLAY

  gordon @ watertower: echo $DISPLAY
  localhost:10.0

Then try to run something simple:

  xterm

An xterm ought to pop up on your local display. If that doesn't work, then go back to basics. On your local machine, run:

  ssh -v remotehost -l user, etc.

and look at the output.

However, if you just want a simple firewall, put it in a shell-script and let it run at boot time.

I can not envisage any instances where my wife would ever want to change the firewall on our home system - what are you/she trying to achieve?

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
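
The two config checks described in the reply above, as an added example that is not part of the original post: a small shell helper that reports the X11 forwarding keywords from an OpenSSH config file. The function names `ssh_cfg_value` and `check_x11` are made up for this example, and it assumes a flat file: `Host`/`Match` scoping and `Include` files are ignored.

```shell
#!/bin/sh
# Added example. ssh_cfg_value and check_x11 are names made up for this sketch.
# Assumption: Host/Match scoping and Include files are ignored; the first
# occurrence of a keyword anywhere in the file is reported.

# Print the value of keyword $2 in OpenSSH config file $1, or "unset".
# Keywords are case-insensitive and may be written "Key value" or "Key=value".
ssh_cfg_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)                  # drop indentation
            if (line == "" || line ~ /^#/) next       # blank line or comment
            n = match(line, /[ \t=]/)                 # end of the keyword
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)           # strip the separator
            sub(/[ \t]+$/, "", val)
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# $1 = "client" (ssh_config) or "server" (sshd_config), $2 = path to the file.
# Prints the keywords from the reply above; returns 0 only if forwarding is "yes".
# "unset" means the built-in default applies; for ForwardX11 and X11Forwarding
# the upstream OpenSSH default is "no".
check_x11() {
    case "$1" in
        client) keys="ForwardX11 ForwardX11Trusted"; main=ForwardX11 ;;
        server) keys="X11Forwarding X11DisplayOffset"; main=X11Forwarding ;;
        *) echo "usage: check_x11 client|server FILE" >&2; return 2 ;;
    esac
    for k in $keys; do
        echo "$1: $k = $(ssh_cfg_value "$2" "$k")"
    done
    [ "$(ssh_cfg_value "$2" "$main")" = yes ]
}

# On the local PC:  check_x11 client /etc/ssh/ssh_config
# On the remote:    check_x11 server /etc/ssh/sshd_config
```

On a current OpenSSH, `ssh -G remotehost` and `sshd -T` print the fully resolved configuration, including `Host` and `Match` blocks.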