[Novalug] VNC over XDMCP issue driving me nuts
Mike Godwin
mggjunk@yahoo.com
Wed Apr 29 14:40:41 EDT 2009
I have a bank of Linux boxes on a closed network. Closed in the sense that it's protected from outsiders snooping and whatnot but open for me to get to it remotely via another similarly closed network.
I am using VNC to bring up the XDM/X window login screen on each box via XDMCP and for a while - when I only had one box listening - it was working great. However, once I added more machines to the network, I found that when I selected to hit server A via my VNC program, I was getting the login screen for a completely different box. I changed the port numbers that the boxes listen to for the VNC connection so they'd be unique across the network but this did not solve the issue either.
So I fired up a tcpdump and what is happening is when any of the boxes sees my VNC connection come in, it immediately sends out a UDP 177 packet to the broadcast address of the network. Apparently, any machine listening on 177 (XDMCP) can answer this, and if it does, it essentially bridges through the machine I requested and, while my PC thinks it's communicating to server A, in reality it's communicating *through* server A and ending up on server B.
I have trolled the configurations of everything I can think of and I cannot seem to find an option to turn off this UDP broadcast. I added a rule to iptables on each box blocking the UDP 177 broadcast but that had a side effect of causing me to get a blank window when I VNCed into the box. I don't quite understand why that occurred. I backed out the iptables change and now I'm back at square one.
It blows my mind that I cannot accomplish the simple task of selecting a server and getting a screen for that server reliably 100% of the time.
Anyone out there have any ideas on this? I'd like to reclaim what's left of my sanity as soon as possible.
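
Added example, not part of the original post: a small parser for the XDMCP header, so that the UDP 177 traffic described above can be read off a capture to show which host broadcast a query and which hosts answered Willing. The opcode numbers and ARRAY8 layout follow the XDMCP specification; the addresses, hostnames and the `(src, dst, payload)` tuple form are constructed for illustration.

```python
import struct

# XDMCP opcodes (subset) from the X Display Manager Control Protocol spec
OPCODES = {1: "BroadcastQuery", 2: "Query", 3: "IndirectQuery", 5: "Willing", 6: "Unwilling"}

def read_array8(buf, off):
    """ARRAY8 = CARD16 length followed by that many bytes."""
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated ARRAY8")
    return buf[off + 2:end], end

def parse_xdmcp(payload):
    """Return (opcode_name, hostname or None) for one UDP/177 payload."""
    # Header: version, opcode, body length (struct.error if under 6 bytes)
    version, opcode, length = struct.unpack_from(">HHH", payload, 0)
    if version != 1 or length != len(payload) - 6:
        raise ValueError("not a well-formed XDMCP v1 packet")
    name = OPCODES.get(opcode, "opcode-%d" % opcode)
    host = None
    if name == "Willing":
        # Willing body: AuthenticationName, Hostname, Status (all ARRAY8)
        _auth, off = read_array8(payload, 6)
        raw, off = read_array8(payload, off)
        host = raw.decode("ascii", "replace")
    return name, host

def audit(packets, broadcast_addr):
    """packets: iterable of (src, dst, payload). Returns a list of findings."""
    findings = []
    for src, dst, payload in packets:
        try:
            name, host = parse_xdmcp(payload)
        except (ValueError, struct.error):
            continue  # not XDMCP, or damaged
        if name == "BroadcastQuery" or (name == "Query" and dst == broadcast_addr):
            findings.append("%s asked the whole segment for a display manager" % src)
        elif name == "Willing":
            findings.append("%s (%s) offered a login session to %s" % (src, host, dst))
    return findings

def _a8(b): return struct.pack(">H", len(b)) + b
def _pkt(opcode, body): return struct.pack(">HHH", 1, opcode, len(body)) + body

# Constructed sample capture (addresses and hostnames are made up)
SAMPLE = [
    ("10.0.0.11", "10.0.0.255", _pkt(1, b"\x00")),  # BroadcastQuery, no auth names
    ("10.0.0.12", "10.0.0.11", _pkt(5, _a8(b"") + _a8(b"serverB") + _a8(b"Linux"))),
    ("10.0.0.11", "10.0.0.11", _pkt(5, _a8(b"") + _a8(b"serverA") + _a8(b"Linux"))),
]
```

More than one Willing line for a single query means the login screen that comes back depends on which responder the querying X server picks.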