Article delegate-en/374 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A372@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: further issues concerning the Delagate X proxy service
24 Mar 1999 14:57:17 GMT Marc Elsen <peiaqbdyi-jfjnzgninonr.ml@ml.delegate.org>


Yutaka Sato wrote:
> 
> On 03/18/99(18:38) you peiaqbdyi-jfjnzgninonr.ml@ml.delegate.org wrote in <_A367@delegate-en.ML_>
>  |--
>  |--  @ @  dmz2.imec.be PROXY-telnet server DeleGate/5.8.3
>  |-- ( - ) { Hit '?' or enter `help' for help. }
>  |DeleGate/5.8.3 (December 17, 1998)
>  |AIST Research Product No. 1994-ETL-8715-1
>  |Copyright (c) 1994-1998 Yutaka Sato
>  |Copyright (c) 1994-1998 Electrotechnical Laboratry (ETL), AIST, MITI
>  |WWW: http://wall.etl.go.jp/delegate/
>  |-- -- -- This (proxy) service is maintained by 'helpdesk@imec..be'
>  |>> Host name: a xproxy
>  |####[X-Proxy] accept host 'xproxy'
>  |####[started] use DISPLAY '10.1.1.12:14.0'
> 
> I don't understand why you need this "accept" command, since the
> command is necessary only when you need to use X client on a
> host which is not the same with the current Telnet server host.
> In your case, the X client is on the current Telnet server host,
> thus I think no accept command is necessary.

 Ok , I did not understand this issue previously.


> 
>  |>> Host name: x bristol:0
>  |>> Host name: duchesse.esat.kuleuven.ac.be
>  |-- Trying duchesse.esat.kuleuven.ac.be [134.58.63.135:23] ...
>  |-- Connected to duchesse.esat.kuleuven.ac.be.
>  |####[set manually] setenv DISPLAY 10.1.1.12:15.0
> 
> This message means that the X proxy invoked here started accepting
> incomming connection at the port 6015 of the host 10.1.1.12.
> I suppose this 10.x.x.x is the network interface on the private
> network side of your DeleGate's host, which can ben unreachable on
> IP level from the target Telnet server host.

 That is true ; to tell this story in short :

 The machine were delegate is on is behind a checkpoint NT 
 box with fw-1. We use address translation
 Note however that I think that this issue is not
 related to the "native problem" because your X-proxy
 part of delegate telnet works for me for standard UNIX
 workstations for instance and also for PC's with 
 reflectionX.
 It does not work for me on X-terminals...



> 
>  |imec@duchesse>setenv DISPLAY xproxy.imec.be:15.0
>  |imec@duchesse>xterm
>  |XIO:  fatal IO error 232 (Connection reset by peer) on X server "xproxy.imec.be:15.0"
>  |      after 0 requests (0 known processed) with 0 events remaining.
> 
> You tried to connect to xproxy.imec.be:6015 while the X proxy was
> waiting at 10.1.1.12:6015, thus the connection should have never
> been established, but the message seems be showing a connection is
> once established before it's disconnected.  So the situation seems
> very strange.  Is there some network address translation or so?
> 
 See my  earlier reply on previous paragraph...


> >[X11]/mit/lib/X/XlibInt.c
> >>       (void) fprintf (stderr,
> >>        "XIO:  fatal IO error %d (%s) on X server \"%s\"\r\n",
> >>                       errno, _SysErrorMsg (errno), DisplayString (dpy));
> >[HP-UX]/usr/include/sys/errno.h:
> >#  define ECONNRESET            232     /* Connection reset by peer */
> 
>  |03/18 10:10:45.04 [9308] 599+0: UDP_client_open[7] time://xproxy:37 ...
>  |03/18 10:10:45.04 [9308] 599+0: checkIF-UDP connected [7] {146.103.254.12:37 <- 10.1.1.12:2264} [0.000s]
>  |03/18 10:10:45.04 [9308] 599+0: myname = dmz2.imec.be
>  |03/18 10:10:45.04 [9308] 599+0: server_open(Xpxdisplay,dmz2.imec.be:6010,listen=1)
> ...
>  |03/18 10:10:45.04 [9308] 599+0: Xproxy -- dmz2.imec.be:6012.0 -- 10.1.1.12:12.0
>  |03/18 10:10:45.04 [9308] 599+0: #### Xproxy[9309]:  <- 10.1.1.12:12.0 <- xproxy
> 
> Here DeleGate was trying to select and bind the network interface
> which is reachable from the Telnet server (i.e. X client) hosts.
> (Though this stuff of log seems from the strange "accept" command
> for the host of DeleGate itself, I suppose similar log will be for
> the destination Telnet server host (duchesse.esat.kuleuven.ac.be))
> But the trial seems failed because of strange ? network and DNS ?
> configuration:
>  - "dmz2.imec.be" seems to have (at least) two interfaces,
>    10.1.1.12 and 146.103.254.12
>  - both of those IP addresses are given a common name "dmz2.imec.be"
>  - "xproxy.imec.be" as an alias
>  - a connection to external destination network seems to be
>    established with an address on a private (?) network as
>    a source address
>  - NAT may exist somewhere ??
>  ...

 As stated I think these issues are not part of this
 problem (so for the honest reply, only trying to be observal).
 The only thing is indeed that when you are connected
 to the remote Internet host you have to change the address
 in the setenv DISPLAY  command suggested by Delegate because
 of the address translation indeed.
 This does however work on standard workstations and NT  PC's
 with reflectionX  installed for instance.



> 
> Maybe you can get more informative information with "-vv" option to
> see what is happening in X-proxy server, like this:
> 
>   xproxy% delegated -P8023 -vv SERVER=telnet
> 
>   client% telnet xproxy 8023
>   Hostname: x bristol:0
>   Hostname: duchesse.esat.kuleuven.ac.be
>   ...login...
>   > setenv DISPLAY xproxy...
>   > xterm
> 
> [when not permitted to use the X-proxy]:
>  1+0: E-P: No permission: telserv-2:2825 => X://xserv
>  1+0: -- ident: telserv-2
>  ...
>  1+0: E-C: Can't connect: telserv-2:2825 => X://xserv (?)
>  1+0: No connection
> 
> [when failed to connect to the destination server]:
>  1+0: #### ConnectToServer: DFLT=X://xserv:6001 REAL=://:0
>  1+0: ConnectToServer connect X://xserv:6001
>  1+0: [12] ConnectToServer connect failed xx.xx.xx.xx:6001 [0.00s] 61
>  1+0: ERROR: cannot connect to X://xserv:6001 - -1
>  1+0: E-C: Can't connect: telserv:1027 => X://xserv:6001 (refused)
>  1+0: No connection
> 
> I suppose it possible that the source address of the connection
> for X protocol initiated from duchesse.esat.kuleuven.ac.be
> [134.58.63.135] is not [134.58.63.135] because of some address
> translation or multi-homed configuration of the telnet server...
> 

 No , the NAT  stuff is not affecting the address of this
machine for us.




> Then possibly you can avoid the situation with the enclosed patch,
> which makes the X-proxy bind with wild-card interface,
> and disalbes access restriction about client host of X-proxy.
> 

 Thanks !
 I  will try  this stuff. My  current workbusiness may need
 other attention area's.
 
 I  will try to give you further feedback in time.

 Thanks for your help,

                                 Marc.


> Cheers,
> Yutaka
> --
> Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @
> Computer Science Division, Electrotechnical Laboratory      ( - )
> 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_
> 
> *** ../../delegate5.9.1/src/delegated.c Mon Mar 15 19:18:15 1999
> --- delegated.c Wed Mar 24 14:33:05 1999
> ***************
> *** 3661,3667 ****
> --- 3661,3671 ----
> 
>         pxsock = -1;
>         for( pxport = 6010; pxport < 6100; pxport++ ){
> + /*
>                 pxsock = server_open("Xpxdisplay",pxhost,pxport,1);
> + DEBUG: bind with wildcard interface
> + */
> +               pxsock = server_open("Xpxdisplay","",pxport,1);
>                 if( 0 < pxsock )
>                         break;
>         }
> ***************
> *** 3712,3718 ****
> --- 3716,3727 ----
>         unsetEnv(environ,environ,P_PERMIT);
>         unsetEnv(environ,environ,P_RELIABLE);
>         unsetEnv(environ,environ,P_REACHABLE);
> + /*
>         sprintf(permit,"%s=X:%s:%s",P_PERMIT,disphost,relhost);
> + DEBUG: don't check X-client host
> + */
> +       sprintf(permit,"%s=X:%s:*",P_PERMIT,disphost);
> +
>         av[ac++] = permit;
> 
>         if( env = getEnv(P_CONNECT) ){

-- 

 'Love is truth without any future.
 (M.E. 1997)

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V