Traversing X11 clients behind NAT (or X11 end-to-end connectivity)

I was thinking how we could make remotely X clients totally connective with the server when both are behind a NAT/firewall.

We can imagine one big motivation to do this: a scenario where someone using his thin and poor machine wants to use the resources of some “fat” machines which he simply doesn’t know where they are seated. Those fat machines could be arranged through a P2P network of “X11 pool of resources” and the list of machines displayed to the user select his desired one (e.g. with minor lag/load). Someone more capitalist than me could go further and imagine a provider selling X11 resources to mobile devices. Or just open your home machine’s web browser in any place of the world. Well, the field of applications would be huge.

Maybe this would be a kick in the a** of the so called web-based applications. Now you have to learn how to program in html, php, ajax or another boring language to build something in this kind of environment. Instead, we could see this P2P network also as a web-based environment letting people to program apps in their preferred toolkit (and yes, I’m betting that the data transfer rates in the various networks will increase significantly in the next years).

– How?

There’s a technique to create TCP connections between machines behind NAT/firewall called “hole punching’ [0, 1]. With the help of a server (called rendezvous) two machines behind NAT/firewall open a ‘hole’ in their NAT/firewall to establish a connection. A similar technique — using UDP — is what Skype and others are relaying today.

Someone already mentioned [2] to wrap X11 protocol with jabber (or other protocol). It would be also an idea. But I don’t know how much the latency would increase in this case.

Certainly there are others techniques to achieve the X11 end-to-end transparency among machines that I’m missing.

– Why ssh -X and xfwp is not the way?

Simply because it doesn’t let end-to-end connectivity.

I didn’t thought what would be the impact in both client and server side. Probably all this will touch some aspects of authentication and
security. I don’t know.

So I would like to hear from you what do you think about this all (and eventually find a mentor to apply this in GSoC ;) )



One thought on “Traversing X11 clients behind NAT (or X11 end-to-end connectivity)

  1. This kind of thing is really interesting, the network stuff in X is really under utalised but a fear the main reason for this is just being able to do it in a secure and simple way (without the need for cmd line ssh etc).

    Latency would indeed be *really bad* over jabber – it was suggested more as hack/joke more than anything else.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s