[CentOS] portmap/NIS mystery
Paul Heinlein
heinlein at madboa.com
Thu May 31 21:27:23 UTC 2012

On Thu, 31 May 2012, Boris Epstein wrote:
> On Thu, May 31, 2012 at 5:08 PM, <m.roth at 5-cent.us> wrote:
>
>> Boris Epstein wrote:
>>> Hello all,
>>>
>>> I have a server on my private network that is configured as an NIS
>>> server and mapped to a "public" IP address on a firewall. All
>>> other TCP ports (SSH, iperf, you name it) are visible from the
>>> outside - but the portmapper-managed ports (port 111 itself and
>>> the YPSERV/YPXFRD ports, etc.) are not visible from the outside -
>>> even though they are alive and well on the internal network.
>>>
>>> So, here's the question: is there anything special as far as
>>> portmapper's networking/security setup that is at play here?
>>>
>> Is it open to the correct destination in iptables?
>>
>
> I believe so. Basically, iptables is set to forward any and all
> traffic arriving on an external public IP to the internal private
> one. For multiple ports it seems to work fine. I use the same
> approach to forward NFS mounts to a private NFS server on the same
> private network - and that works like a charm which actually makes
> it even more mysterious, IMO.

I'll note that access to portmap can be manipulated via
/etc/hosts.{allow,deny}, just in case that's an issue here.
--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
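
The following is an added example, not part of the original message: a small evaluator showing how /etc/hosts.allow and /etc/hosts.deny rules can leave portmap reachable from an internal network while refusing outside clients whose other services still work. The rule text and client addresses are constructed samples, and only a subset of the hosts_access syntax is assumed (ALL, exact IPv4 address, trailing-dot prefix, net/mask; no EXCEPT, hostnames or wildcards).

```python
import ipaddress

# Constructed sample rules (not taken from the thread).
HOSTS_ALLOW = "# internal LAN only\nportmap: 192.168.1.\nsshd: ALL\n"
HOSTS_DENY = "portmap: ALL\n"


def _rules(text):
    """Yield (daemon_list, client_list) pairs from hosts.allow/hosts.deny text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0]  # drop the optional shell-command field
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()


def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "192.168.1." matches on the address prefix
        return ip.startswith(pattern)
    if "/" in pattern:  # net/mask form, e.g. 10.0.0.0/255.255.255.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
        except ValueError:  # malformed pattern, or host bits set in the net part
            return False
    return pattern == ip


def _any_rule_matches(text, daemon, ip):
    for daemons, clients in _rules(text):
        if daemon in daemons or "ALL" in daemons:
            if any(_client_matches(c, ip) for c in clients):
                return True
    return False


def wrappers_decision(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Order used by tcp_wrappers: hosts.allow first, then hosts.deny, else allow."""
    if _any_rule_matches(allow, daemon, ip):
        return "allow"
    if _any_rule_matches(deny, daemon, ip):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for daemon, ip in [("portmap", "192.168.1.20"), ("portmap", "203.0.113.7"),
                       ("sshd", "203.0.113.7")]:
        print(daemon, ip, wrappers_decision(daemon, ip))
```
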