Recently, I built a computer running Ubuntu and gave it away to a relative. I'm willing to give them IT support for free, but they live 50 miles away. The solution? An NX server. I set up the node, client and server on her computer, with only the client on my computer. It's working out fine, but the only fear I have is other people accessing the server. I want only a few computers to be able to access the NX server, and nobody else. How do I go about doing this? By the way, both computers (my relative's computer and my computer) are running 12.04, and a few of the computers that may access it are running CentOS 5.
4 Answers
I would do this. It will block all traffic to a port except from your IP.
iptables -A INPUT -p tcp --dport 8000 -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP
Where 8000 is the NX port and 192.168.1.1 is your IP address.
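An added example, not part of the answer above: the same ACCEPT-then-DROP approach extended to the "few computers" the question asks about. It prints the iptables commands for review instead of running them. The chain name NX_ALLOW and the source addresses are made up for illustration; port 8000 is the value used in the answer.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands that restrict one TCP port
# to a list of IPv4 sources. NX_ALLOW and the sample addresses are constructed.
CHAIN="NX_ALLOW"

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: nx_allowlist_rules PORT SOURCE [SOURCE...]
nx_allowlist_rules() {
    port=$1
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    shift
    [ $# -gt 0 ] || { echo "no sources given" >&2; return 1; }
    # Validate every source first so a typo never produces a partial rule set.
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Create the chain, or empty it on a re-run so rules do not pile up.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # The catch-all DROP must come after every ACCEPT.
    echo "iptables -A $CHAIN -j DROP"
    # -I puts the jump first in INPUT, ahead of any broader ACCEPT rule.
    echo "iptables -C INPUT -p tcp --dport $port -j $CHAIN 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

nx_allowlist_rules 8000 192.0.2.10 198.51.100.0/28
```

Rules applied this way live only in the running kernel, so they need to be saved and restored at boot to survive a restart.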
You could also use SSH just for tunneling (ssh -D 1080 user@ip) and allow only connections from 127.0.0.1 / localhost. Then tell your client to connect using a SOCKS 5 proxy at 127.0.0.1:1080. This will not only use the security SSH offers and not lock you out if you get a new source IP, but will also take away your worries about exposing your server.
I would suggest using X2Go, which is based on NX, but incompatible with NoMachine NX. Everything is over SSH, and it supports PulseAudio etc. It's been much more user-friendly than FreeNX.
NX is already secure since it uses encryption and authentication, so there is no need to tunnel or use something else.
From their feature matrix here:
- Secure communication protected by SSL cryptography
- Full encryption for UDP traffic
- Kerberos password authentication
- PAM based authentication
- Support for industry standard SSH protocol
- Kerberos ticket authentication and ticket forwarding to the session