Symptom: cannot log in to a RHEL 5.6 host with Xmanager.
Troubleshooting:
1. In /etc/gdm/custom.conf, the [xdmcp] section contains Enable=true; OK.
2. netstat -antup | grep 177
udp 0 0 0.0.0.0:177 0.0.0.0:* 7650/gdm-binary
OK.
3. While logging in from the client with Xmanager, tcpdump udp port 177 captures the UDP packets sent by the client, but there is no reply.
4. iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
There is no rule for XDMCP.
5. Add a firewall rule: vim /etc/sysconfig/iptables, and after the line -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT add this line:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 177 -j ACCEPT
Restart the firewall: service iptables restart. Logging in with Xmanager now works.
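
The check from steps 4 and 5 as a script, added here as an example and not part of the original note: it reads a rules file in /etc/sysconfig/iptables format and reports whether a udp/177 ACCEPT rule exists in RH-Firewall-1-INPUT and whether it sits before the catch-all REJECT. The function name xdmcp_rule_status and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original note): classify how a rules file in
# /etc/sysconfig/iptables format treats XDMCP (udp/177) in RH-Firewall-1-INPUT.
# Prints: allowed | shadowed | missing
xdmcp_rule_status() {
    awk '
        $1 == "-A" && $2 == "RH-Firewall-1-INPUT" {
            n++
            line = " " $0 " "
            # first ACCEPT rule matching UDP destination port 177
            if (!accept && line ~ / -p udp / && line ~ / --dport 177 / && line ~ / -j ACCEPT /) {
                accept = n
            }
            # first catch-all REJECT/DROP (no match options before -j)
            if (!deny && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
                deny = n
            }
        }
        END {
            if (accept && (!deny || accept < deny)) {
                print "allowed"
            } else if (accept) {
                print "shadowed"    # rule sits after the REJECT and is never evaluated
            } else {
                print "missing"
            }
        }
    ' "$@"
}

# Constructed sample: the rules file as it looks after the edit in step 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 177 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
xdmcp_rule_status "$sample"
rm -f "$sample"
```

A result of shadowed means the rule was appended after the final REJECT, which is why step 5 places the new line directly after the SSH rule.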