
Why am I seeing 'X11' in my iptables?


I am setting up udp port forwarding like so:

# Forward UDP ports 6000-6009 arriving on eth0 to the inner hosts 192.168.7.10-192.168.7.19
for i in $(seq 0 9)
do
   # Rewrite the destination of packets arriving on port 600$i to the matching inner host
   sudo iptables -A PREROUTING -t nat -i eth0 -p udp --dport 600${i} -j DNAT --to-destination 192.168.7.1${i}
   # Let the rewritten packets pass the FORWARD chain, whose policy is DROP
   sudo iptables -A FORWARD -p udp -d 192.168.7.1${i} --dport 600${i} -j ACCEPT
done

and although I can't remember, I am pretty sure I did the same thing for tcp port forwarding, but when I run iptables -L, I get the following:

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.0.109        tcp dpt:6009
ACCEPT     tcp  --  anywhere             192.168.0.108        tcp dpt:6008
ACCEPT     tcp  --  anywhere             192.168.0.107        tcp dpt:x11-7
ACCEPT     tcp  --  anywhere             192.168.0.106        tcp dpt:x11-6
ACCEPT     tcp  --  anywhere             192.168.0.105        tcp dpt:x11-5
ACCEPT     tcp  --  anywhere             192.168.0.104        tcp dpt:x11-4
ACCEPT     tcp  --  anywhere             192.168.0.103        tcp dpt:x11-3
ACCEPT     tcp  --  anywhere             192.168.0.102        tcp dpt:x11-2
ACCEPT     tcp  --  anywhere             192.168.0.101        tcp dpt:x11-1
ACCEPT     tcp  --  anywhere             192.168.0.100        tcp dpt:x11
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level warning
ACCEPT     udp  --  anywhere             main                 udp dpt:x11
ACCEPT     udp  --  anywhere             desktop1             udp dpt:x11-1
ACCEPT     udp  --  anywhere             desktop2             udp dpt:x11-2
ACCEPT     udp  --  anywhere             desktop3             udp dpt:x11-3
ACCEPT     udp  --  anywhere             desktop4             udp dpt:x11-4
ACCEPT     udp  --  anywhere             desktop5             udp dpt:x11-5
ACCEPT     udp  --  anywhere             desktop6             udp dpt:x11-6
ACCEPT     udp  --  anywhere             192.168.7.17         udp dpt:x11-7
ACCEPT     udp  --  anywhere             192.168.7.18         udp dpt:6008
ACCEPT     udp  --  anywhere             192.168.7.19         udp dpt:6009

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Why X11? How can I remove this (purge rules?) and set it back to 600_?


Solution

  • The port you see is actually 600_; when you run iptables without the -n option it resolves the ports to names defined in the /etc/services file and the addresses using /etc/hosts or DNS calls:

    cat /etc/services
    [...]
    ggz     5688/tcp            # GGZ Gaming Zone
    ggz     5688/udp
    x11     6000/tcp    x11-0       # X Window System
    x11     6000/udp    x11-0
    x11-1       6001/tcp
    x11-1       6001/udp
    x11-2       6002/tcp
    x11-2       6002/udp
    x11-3       6003/tcp
    x11-3       6003/udp
    [...]
    

    To see the firewall rules using numbers, use iptables -n:

      -n, --numeric
              Numeric  output.   IP addresses and port numbers will be printed
              in numeric format.  By default, the program will try to  display
              them  as host names, network names, or services (whenever applicable).
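To make the resolution step visible, here is an added example (not part of the question or the answer above) that reproduces what `iptables -L` does with the FORWARD rules from the post: it parses an /etc/services-style table and an /etc/hosts-style table and renders each rule once with names and once numerically, as `-n` would. Both tables are constructed excerpts embedded in the script; the address-to-hostname pairing (192.168.7.10 as `main`, 192.168.7.11 as `desktop1`, and so on) is an assumption chosen to match the hostnames in the post's output, and the script deliberately omits entries for 6008 and 6009, which is why those two ports stay numeric exactly as they do in the question.

```python
"""Added example: why `iptables -L` prints x11-1 where you configured 6001.

Without -n, iptables turns 0.0.0.0/0 into 'anywhere', replaces destination
addresses by hostnames (from /etc/hosts or DNS) and port numbers by service
names (from /etc/services). With -n it prints the raw numbers. The tables
below are constructed excerpts, not read from the running system.
"""

# Constructed excerpt of /etc/services: X11 display ports 6000-6007 have
# names, 6008 and 6009 do not, so those two print numerically.
SERVICES_TEXT = """\
# service-name  port/protocol  [aliases ...]   # comment
ggz     5688/tcp            # GGZ Gaming Zone
ggz     5688/udp
x11     6000/tcp    x11-0       # X Window System
x11     6000/udp    x11-0
x11-1   6001/tcp
x11-1   6001/udp
x11-2   6002/udp
x11-3   6003/udp
x11-4   6004/udp
x11-5   6005/udp
x11-6   6006/udp
x11-7   6007/udp
"""

# Constructed /etc/hosts: hostnames taken from the post's listing, the
# address-to-name pairing is an assumption made for this example.
HOSTS_TEXT = """\
127.0.0.1     localhost
192.168.7.10  main
192.168.7.11  desktop1
192.168.7.12  desktop2
"""


def parse_services(text):
    """Map (port, proto) -> canonical service name; the first entry wins,
    which is also how getservbyport() behaves on a real system."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                             # malformed line: skip, don't crash
        port, proto = fields[1].split("/", 1)
        table.setdefault((int(port), proto), fields[0])
    return table


def parse_hosts(text):
    """Map address -> first hostname on its line (the 'files' NSS backend)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1])
    return table


def format_rule(proto, dst, dport, services, hosts, numeric=False):
    """Render one FORWARD ACCEPT rule in the column layout of `iptables -L`.

    numeric=False mimics plain -L (names where known), numeric=True mimics -L -n.
    Unknown addresses and ports fall back to their numeric form either way.
    """
    src = "0.0.0.0/0" if numeric else "anywhere"
    dest = dst if numeric else hosts.get(dst, dst)
    port = str(dport) if numeric else services.get((dport, proto), str(dport))
    return f"ACCEPT     {proto:<4} --  {src:<20} {dest:<20} {proto} dpt:{port}"


if __name__ == "__main__":
    services = parse_services(SERVICES_TEXT)
    hosts = parse_hosts(HOSTS_TEXT)
    for numeric in (False, True):
        print("# iptables -L" + (" -n" if numeric else ""))
        for i in range(10):
            print(format_rule("udp", f"192.168.7.1{i}", 6000 + i, services, hosts, numeric))
```

Running the script prints the ten UDP rules twice: the first listing shows `dpt:x11` through `dpt:x11-7` followed by `dpt:6008` and `dpt:6009`, matching the post, and the second listing shows all ten ports as 6000-6009, which is what `iptables -L -n` reports on the real system. Note that on a real host the hostname column can also come from DNS, so listing without `-n` may be slow or show stale names; `-n` avoids that lookup entirely.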