We have one server running XDMCP on port 177 and I want to give access to remote sites, since the router does not broadcast. So how do I open port 177 on my router so that other clients can get a GUI display of my server remotely?
The XDMCP protocol uses User Datagram Protocol (UDP) port 177 for messaging between the display host and the server host, and Transmission Control Protocol (TCP) port 6000 for displaying. You will have to explicitly permit port 6000 TCP and port 177 UDP on your router by making configuration (ACL) changes. Make sure you open the ports for both directions. If your router is configured for NAT then, for inside-display-outside-server configurations, a static NAT entry for TCP port 6000 is required. In the case of an outside-display-inside-server configuration, a static NAT entry for UDP port 177 is required. Don't forget to map those ports to the IP address of your local computer on your LAN. F.Y.I. – you can't make an indirect XDMCP connection using the above.
Just from a security standpoint, XDMCP doesn't provide a secure or encrypted communication tunnel. So, it is always better to have the remote sites VPN into your network. Since this will now be a trusted and secure channel, you will have less to worry about. Also, the other option is to use it over an SSH tunnel.
This was last published in October 2005
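If the remote sites are moved onto a VPN or SSH tunnel as recommended above, UDP port 177 should no longer answer from the untrusted side of the router, and the following sketch checks that by sending one XDMCP Query and decoding any Willing/Unwilling reply. It is an added example, not part of the original answer; the packet layout follows the XDMCP version 1 specification, and the function names and the sample reply are constructed for illustration.

```python
import socket
import struct

XDMCP_PORT = 177  # UDP port named in the answer above
VERSION, OP_QUERY, OP_WILLING, OP_UNWILLING = 1, 2, 5, 6
REPLY_FIELDS = {OP_WILLING: ("auth_name", "hostname", "status"),
                OP_UNWILLING: ("hostname", "status")}
# Constructed Willing reply (not captured from a real host), used for offline testing.
SAMPLE_WILLING = b"\x00\x01\x00\x05\x00\x14\x00\x00\x00\x05xhost\x00\x09Linux 2.6"

def build_query() -> bytes:
    """XDMCP Query carrying an empty list of authentication names."""
    body = b"\x00"  # ARRAYofARRAY8 with zero entries
    return struct.pack(">HHH", VERSION, OP_QUERY, len(body)) + body

def _array8(buf: bytes, off: int):
    """Read one ARRAY8 (16-bit big-endian length + bytes); return (value, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length")
    (n,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("truncated ARRAY8 data")
    return buf[off + 2:end], end

def parse_reply(pkt: bytes) -> dict:
    """Decode a Willing or Unwilling reply; raise ValueError if malformed."""
    if len(pkt) < 6:
        raise ValueError("short header")
    version, opcode, length = struct.unpack_from(">HHH", pkt, 0)
    body = pkt[6:]
    if version != VERSION or length != len(body):
        raise ValueError("bad version or length field")
    fields = REPLY_FIELDS.get(opcode)
    if fields is None:
        raise ValueError("unexpected opcode")
    off, out = 0, {"opcode": opcode}
    for name in fields:
        value, off = _array8(body, off)
        out[name] = value.decode("latin-1")
    return out

def xdmcp_answers(host: str, timeout: float = 2.0):
    """Return the parsed reply if host answers on UDP 177, else None (filtered or closed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (host, XDMCP_PORT))
            return parse_reply(s.recv(4096))
        except (OSError, ValueError):
            return None
```

Run `xdmcp_answers()` against your router's public address from a machine outside the VPN; a result of `None` is the expected outcome once the port is no longer forwarded.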