[Novalug] VNC over XDMCP issue driving me nuts

Mike Godwin mggjunk@yahoo.com
Wed Apr 29 14:40:41 EDT 2009


I have a bank of Linux boxes on a closed network.  Closed in the sense that it's protected from outsiders snooping and whatnot, but open for me to get to it remotely via another similarly closed network.

I am using VNC to bring up the XDM/X window login screen on each box via XDMCP and for a while - when I only had one box listening - it was working great.  However, once I added more machines to the network, I found that when I selected to hit server A via my VNC program, I was getting the login screen for a completely different box.  I changed the port numbers that the boxes listen to for the VNC connection so they'd be unique across the network but this did not solve the issue either.

So I fired up a tcpdump and what is happening is when any of the boxes sees my VNC connection come in, it immediately sends out a UDP 177 packet to the broadcast address of the network.  Apparently, any machine listening on 177 (XDMCP) can answer this, and if it does, it essentially bridges through the machine I requested and, while my PC thinks it's communicating to server A, in reality it's communicating *through* server A and ending up on server B.

I have trolled the configurations of everything I can think of and I cannot seem to find an option to turn off this UDP broadcast.  I added a rule to iptables on each box blocking the UDP 177 broadcast but that had a side effect of causing me to get a blank window when I VNCed into the box.  I don't quite understand why that occurred.  I backed out the iptables change and now I'm back at square one.

It blows my mind that I cannot accomplish the simple task of selecting a server and getting a screen for that server reliably 100% of the time.

Anyone out there have any ideas on this?  I'd like to reclaim what's left of my sanity as soon as possible.
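
The exchange described in the post above, as an added example that is not part of the original message: Python that parses XDMCP payloads (the UDP 177 traffic seen in the tcpdump) and reports when a box's BroadcastQuery was answered by a Willing from a different machine. The addresses, hostnames and packets are constructed, and the function names are hypothetical; the header layout and opcodes follow XDMCP version 1.

```python
import struct

# XDMCP v1 opcodes (subset relevant to the query/answer phase).
OPCODES = {1: "BroadcastQuery", 2: "Query", 3: "IndirectQuery",
           4: "ForwardQuery", 5: "Willing", 6: "Unwilling", 7: "Request"}

def read_array8(buf, off):
    """ARRAY8 = 2-byte big-endian length followed by that many bytes."""
    n = int.from_bytes(buf[off:off + 2], "big")
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated ARRAY8")
    return buf[off + 2:end], end

def parse_xdmcp(payload):
    """Return (opcode name, responder hostname or None) for one payload."""
    if len(payload) < 6:
        raise ValueError("short XDMCP header")
    version, opcode, length = struct.unpack_from(">HHH", payload, 0)
    if version != 1 or length != len(payload) - 6:
        raise ValueError("not a well-formed XDMCP v1 packet")
    host = None
    if opcode == 5:  # Willing body: AuthenticationName, Hostname, Status
        _, off = read_array8(payload, 6)
        raw, _ = read_array8(payload, off)
        host = raw.decode("ascii", "replace")
    return OPCODES.get(opcode, "opcode-%d" % opcode), host

def cross_wired(datagrams, broadcast_addr):
    """List (querier IP, hostname that answered) where a box queried the
    broadcast address and some other machine's display manager replied."""
    asked, hits = set(), []
    for src, dst, payload in datagrams:
        name, host = parse_xdmcp(payload)
        if name == "BroadcastQuery" and dst == broadcast_addr:
            asked.add(src)
        elif name == "Willing" and dst in asked and src != dst:
            hits.append((dst, host))
    return hits

# Constructed sample: server A (192.0.2.11) broadcasts, server B answers.
def _pkt(opcode, body):
    return struct.pack(">HHH", 1, opcode, len(body)) + body
def _a8(data):
    return struct.pack(">H", len(data)) + data
SAMPLE = [
    ("192.0.2.11", "192.0.2.255", _pkt(1, b"\x00")),
    ("192.0.2.12", "192.0.2.11",
     _pkt(5, _a8(b"") + _a8(b"serverB") + _a8(b"Linux 2.6"))),
]
```

Feeding it (source, destination, UDP payload) tuples extracted from a capture shows which display manager each box actually ended up talking to.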



      


