[CentOS] NFS/NIS and firewalls

Fri Jan 11 08:59:08 UTC 2008
Johnny Hughes <johnny at centos.org>

Scott Ehrlich wrote:
> I have a few C5 machines on an isolated LAN that connect to a RHEL5 
> server via NFS and NIS for authentication.   I discovered that one of 
> the C5 workstations worked fine for NFS exporting, but refused to 
> collaborate with the EL5 server for NIS user authentication.
> 
> I had successfully connected other systems to this server without issue, 
> but this machine was finicky.
> 
> I had initially enabled the EL5 firewall, then later disabled it, 
> including selecting --disable-firewall.  Still, this one C5 workstation 
> wouldn't cooperate for user authentication.
> 
> Then, as a bit of an experiment, I opted to visit the EL5 services and 
> manually highlight IPtables, clicked STOP, and tried the verification 
> again.  This time, the C5 system got the NIS data.
> 
> 
> Now, if I want to enable a firewall on all machines -
> 
> As a server, EL5 does have an option to select NFS services be run on 
> specific ports.   How do I configure the C5 clients to also communicate 
> on those ports, thus allowing full NIS/NFS user authentication and 
> directory exporting, all the while with built-in firewall protection on 
> all systems?
> 
> These are all out-of-box setups, with no updates, and full package 
> installs from the install media.
> 
> As time goes on, I will migrate to the OpenLDAP world, but I haven't had 
> the opportunity to experiment with that just yet.
> 
> Thanks.
> 
> Scott

This guide talks about NFS and NIS and firewalls:

http://www.centos.org/docs/5/html/5.1/Deployment_Guide/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080111/3df1b24c/attachment-0005.sig>