[CentOS] iptables settings for X11 forwarding in CentOS 6.2

Fri Mar 29 15:34:41 UTC 2013
Pat Haley <phaley at MIT.EDU>

Hi,

We recently installed CentOS 6.2 on our cluster.  During
the installation/debugging of various secondary software, we had
disabled iptables.  When we re-enabled them, we found that the
front-end would no longer X11 forward (although it does so
when the iptables are off).  What do we need to set in the
iptables to permit X11 forwarding?  Currently we're using


iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -m limit --limit 15/minute -j LOG --log-level 7 
--log-prefix "Dropped by firewall: "

iptables -A INPUT -i eth1 -p tcp --dport 22 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 80 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 8080 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 6000 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 6001 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 6002 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 6003 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 6004 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 6005 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 177 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 6000 -m state --state 
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p udp -m state --state ESTABLISHED,RELATED -j 
ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state ESTABLISHED,RELATED -j 
ACCEPT

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pat Haley                          Email:  phaley at mit.edu
Center for Ocean Engineering       Phone:  (617) 253-6824
Dept. of Mechanical Engineering    Fax:    (617) 253-8125
MIT, Room 5-213                    http://web.mit.edu/phaley/www/
77 Massachusetts Avenue
Cambridge, MA  02139-4301