WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Xen-users] Re: VNC not on Localhost

from [Dirk Pol] [Permanent Link][Original]
To: "John Smith" <netman1@xxxxxxx>
Subject: RE: [Xen-users] Re: VNC not on Localhost
From: "Dirk Pol" <dirkpol@xxxxxxxxxxxx>
Date: Tue, 24 Oct 2006 20:01:21 +0200
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 24 Oct 2006 10:54:35 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acb3i6qFOGN3EOtVS6aOAulBAFrIMwACHuQg
Thread-topic: [Xen-users] Re: VNC not on Localhost 
Hello,

I agree with you that it is insecure to bind it to "world".
What i realy want is to bind it to my management Vlan where also my ILO network 
resides.
I have 4 phy interfaces available in my xen clustermembers

2 i-scsi
1 management / dom0
1 domU


Do i overlook something regarding to the security issue?

As i dont run a xserver in my hosting location your reverse ssh solution does 
not work for me.

Kind regards,


Dirk Pol


 

-----Original Message-----
From: John Smith [mailto:netman1@xxxxxxx]
Sent: dinsdag 24 oktober 2006 18:55
To: Dirk Pol
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Re: VNC not on Localhost


Dirk Pol wrote:
> What I mean is:
> 
>  
> 
> [root@localhost auto]# netstat -na
> 
> Active Internet connections (servers and established)
> 
> Proto Recv-Q Send-Q Local Address               Foreign
> Address             State
> 
> tcp        0      0 127.0.0.1:5900             
> 0.0.0.0:*                   LISTEN
> 
>  
> 
> it is bound to 127.0.0.1:5900 and I want to bind it to 0.0.0.0 so that i
> can reach it from my management LAN
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Dirk Pol:
> 
>  
> 
>> I am looking for a way to bind the vncserver of xen machine not to
> 
>> localhost but to my management LAN.
> 
>  
> 
> Just start the vncserver on a host of your management LAN.
> 
>  
> 
> Greetings, Mark Weinem  
> 
>  
> 
> 
> 
> Met vriendelijke groet,
> 
> Dirk Pol
> 
Hi Dirk,

        you definitely do not want to do that: it's as insecure
as you can make it.

        As a solution do from your local client :

        user@client$ ssh -f -N -L localhost:5900:localhost:5900 
username@userdomain

        user@client$ xvnc4viewer localhost:0

Sincerely,

Jan.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] 32bit DomU on 64-bit Xen, Lionel Bouton
Next by Date:  Re: [Xen-users] Xen 3.0.3 confusion, Art Fore
Previous by Thread:  RE: [Xen-users] Re: VNC not on Localhost, Dirk Pol
Next by Thread:  [Xen-users] 32bit DomuU on 64-bit Xen, Lionel Bouton
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy