Configuring iptables for SSH and X11 forwarding
I have a Red Hat EL 3 server with the SSH daemon running. I'm using an SSH connection from Windows with the PuTTY SSH client. I have enabled X11 forwarding in PuTTY and in the server's SSH daemon. Everything works just fine; I'm able to use X applications like xclock from PuTTY correctly. Afterwards I configured a firewall for my server. My aim was to configure the firewall so that I'm able to use SSH (with X forwarding) from anywhere. Here are my iptables rules:
Code:
Chain INPUT (policy DROP)
target prot opt source destination
ssh_gate tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ssh_gate tcp -- anywhere anywhere state NEW tcp spt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain ssh_gate (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
After setting up these rules the SSH connection works correctly, but I'm not able to use any X applications. When I tried to start xclock, I received the error "Error: Can't open display: localhost:15.0". If I change the iptables INPUT and OUTPUT policy to ACCEPT, I'm able to use X applications, but with the DROP policy I'm not. According to my knowledge these iptables settings should let all traffic in and out using port 22. I sniffed the network traffic using tcpdump and didn't manage to capture any traffic other than traffic to port 22. Does anyone have any ideas what's wrong with my iptables?
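Added example, not from the original thread: a forwarded X11 session never crosses port 22 on the server itself; sshd listens on the loopback interface (DISPLAY localhost:15.0 means TCP port 6015 on 127.0.0.1) and xclock connects there, so with INPUT and OUTPUT set to DROP and no rule accepting lo traffic, that connection is silently dropped and tcpdump on the outside interface shows only port 22. The script below computes that port from a DISPLAY value and prints the two loopback rules; the function names and the --apply flag are this example's own, and it only modifies the live firewall when run as root with --apply.

```shell
#!/bin/sh
# Added example (not from the original post). X11 forwarding over SSH uses
# the server's loopback interface: DISPLAY=localhost:15.0 means the client
# connects to 127.0.0.1:6015, which the posted INPUT/OUTPUT DROP rules never
# accept because nothing matches traffic on lo.

# TCP port an X client connects to for a given DISPLAY (6000 + display number).
# Handles both "host:N.S" and ":N" forms.
x11_display_port() {
    disp=${1#*:}          # strip "host:"  -> "15.0"
    disp=${disp%%.*}      # strip ".screen" -> "15"
    echo $((6000 + disp))
}

# Rules inserted at the top of INPUT and OUTPUT so loopback traffic is
# accepted before the stateful rules are consulted. This is what the
# forwarded X11 connection (and any other local service) needs.
loopback_rules() {
    printf '%s\n' \
        'iptables -I INPUT 1 -i lo -j ACCEPT' \
        'iptables -I OUTPUT 1 -o lo -j ACCEPT'
}

# Print what would be applied, and only touch the live firewall on request.
echo "X11 display port: $(x11_display_port "${DISPLAY:-localhost:15.0}")"
loopback_rules
if [ "${1:-}" = "--apply" ]; then
    loopback_rules | sh
fi
```

After applying, `tcpdump -i lo port 6015` on the server shows the forwarded X11 traffic that was invisible on the external interface.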