On Thu, 31 May 2012, Boris Epstein wrote:

> On Thu, May 31, 2012 at 5:08 PM, <m.roth at 5-cent.us> wrote:
>
>> Boris Epstein wrote:
>>> Hello all,
>>>
>>> I have a server on my private network that is configured as an NIS
>>> server and mapped to a "public" IP address on a firewall. All
>>> other TCP ports (SSH, iperf, you name it) are visible from the
>>> outside - but the portmapper-managed ports (port 111 itself and
>>> the YPSERV/YPXFRD ports, etc.) are not visible from the outside -
>>> even though they are alive and well on the internal network.
>>>
>>> So, here's the question: is there anything special as far as
>>> portmapper's networking/security setup that is at play here?
>>>
>> Is it open to the correct destination in iptables?
>>
>
> I believe so. Basically, iptables is set to forward any and all
> traffic arriving on an external public IP to the internal private
> one. For multiple ports it seems to work fine. I use the same
> approach to forward NFS mounts to a private NFS server on the same
> private network - and that works like a charm which actually makes
> it even more mysterious, IMO.

I'll note that access to portmap can be manipulated via
/etc/hosts.{allow,deny}, just in case that's an issue here.

--
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
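
Added example, not part of the thread: a simplified Python model of the /etc/hosts.allow and /etc/hosts.deny lookup order mentioned in the last reply, showing how a rule set that admits internal clients to portmap refuses a client with an outside address. The rules and addresses are constructed assumptions, and only `ALL`, exact IPv4, address-prefix and net/mask patterns are modelled (no hostnames, `EXCEPT`, or options).

```python
import ipaddress

# Constructed sample rules (not from the thread): portmap limited to one subnet.
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed)
portmap: 192.168.1.0/255.255.255.0, 127.0.0.1
sshd: ALL
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed)
portmap: ALL
"""

def _client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                   # net/mask form
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(addr) in net
        except ValueError:
            return False
    return pattern == addr               # exact address

def _file_matches(text, daemon, addr):
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any option field
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if (daemon in daemon_list or "ALL" in daemon_list) and any(
                _client_matches(p, addr) for p in client_list):
            return True
    return False

def access_allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    # Order per hosts_access(5): allow match grants, then deny match
    # refuses, and no match in either file grants.
    if _file_matches(allow, daemon, addr):
        return True
    return not _file_matches(deny, daemon, addr)

if __name__ == "__main__":
    for src in ("192.168.1.20", "203.0.113.7"):   # constructed addresses
        print(src, "portmap:", access_allowed("portmap", src),
              "sshd:", access_allowed("sshd", src))
```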