We have one server running XDMCP on port 177 and I want to give access to remote sites, since the router does not broadcast. So how do I open port 177 on my router so that other clients can get a GUI display of my server remotely?
The XDMCP protocol uses User Datagram Protocol (UDP) port 177 for messaging between the display host and the server host, and Transmission Control Protocol (TCP) port 6000 for displaying. You will have to explicitly permit port 6000 TCP and port 177 UDP on your router by making configuration (ACL) changes. Make sure you open the ports for both directions. If your router is configured for NAT then, for inside-display-outside-server configurations, a static NAT entry for TCP port 6000 is required. In the case of an outside-display-inside-server configuration, a static NAT entry for UDP port 177 is required. Don't forget to map those ports to the IP address of your local computer on your LAN. F.Y.I. – you can't make an indirect XDMCP connection using the above.
Just from a security standpoint, XDMCP doesn't provide a secure or encrypted communication tunnel. So, it is always better to have the remote sites VPN into your network. Since this will now be a trusted and secure channel, you will have less to worry about. Also, the other option is to use it over an SSH tunnel.
This was last published in October 2005
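The UDP 177 messaging described in the answer, as an added example that is not part of the original answer: it encodes an XDMCP Query and decodes the Willing/Unwilling reply from a captured datagram, which shows that the server's hostname and status cross the router unencrypted. The sample datagram, the hostname `xserver1` and the status text are constructed.

```python
import struct

VERSION, QUERY, WILLING, UNWILLING = 1, 2, 5, 6  # XDMCP version 1 opcodes


def _enc(data):
    """Encode an ARRAY8: 16-bit big-endian length followed by the bytes."""
    return struct.pack("!H", len(data)) + data


def build_query(auth_names=()):
    """Encode a Query: 6-byte header, then a counted list of auth names."""
    body = struct.pack("!B", len(auth_names)) + b"".join(_enc(n) for n in auth_names)
    return struct.pack("!HHH", VERSION, QUERY, len(body)) + body


def _array8(buf, off):
    """Read one ARRAY8 at off; return (bytes, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated ARRAY8 length")
    (n,) = struct.unpack_from("!H", buf, off)
    end = off + 2 + n
    if end > len(buf):
        raise ValueError("ARRAY8 runs past end of packet")
    return buf[off + 2:end], end


def parse_reply(datagram):
    """Decode a Willing or Unwilling datagram into its cleartext fields."""
    if len(datagram) < 6:
        raise ValueError("shorter than the XDMCP header")
    version, opcode, length = struct.unpack_from("!HHH", datagram)
    body = datagram[6:]
    if version != VERSION or length != len(body):
        raise ValueError("bad version or length field")
    fields = {WILLING: ("auth", "hostname", "status"),
              UNWILLING: ("hostname", "status")}.get(opcode)
    if fields is None:
        raise ValueError(f"unexpected opcode {opcode}")
    out, off = {"opcode": opcode}, 0
    for key in fields:
        raw, off = _array8(body, off)
        out[key] = raw.decode("latin-1")
    return out


# Constructed sample: a Willing reply as it would appear in a capture on UDP 177.
_body = _enc(b"") + _enc(b"xserver1") + _enc(b"0 users")
SAMPLE_WILLING = struct.pack("!HHH", VERSION, WILLING, len(_body)) + _body

if __name__ == "__main__":
    print(build_query().hex(), parse_reply(SAMPLE_WILLING))
```

Running `parse_reply` over datagrams captured on the router's outside interface confirms whether the ACL and static NAT entry are passing XDMCP replies, and what they disclose to anyone on the path.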
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://...