On Thu, May 31, 2012 at 5:27 PM, Paul Heinlein <heinlein at madboa.com> wrote: > On Thu, 31 May 2012, Boris Epstein wrote: > > On Thu, May 31, 2012 at 5:08 PM, <m.roth at 5-cent.us> wrote: >> >> Boris Epstein wrote: >>> >>>> Hello all, >>>> >>>> I have a server on my private network that is configured as an NIS >>>> server and mapped to a "public" IP address on a firewall. All other TCP >>>> ports (SSH, iperf, you name it) are visible from the outside - but the >>>> portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports, >>>> etc.) are not visible from the outside - even though they are alive and >>>> well on the internal network. >>>> >>>> So, here's the question: is there anything special as far as >>>> portmapper's networking/security setup that is at play here? >>>> >>>> Is it open to the correct destination in iptables? >>> >>> >> I believe so. Basically, iptables is set to forward any and all traffic >> arriving on an external public IP to the internal private one. For multiple >> ports it seems to work fine. I use the same approach to forward NFS mounts >> to a private NFS server on the same private network - and that works like a >> charm which actually makes it even more mysterious, IMO. >> > > I'll note that access to portmap can be manipulated via > /etc/hosts.{allow,deny}, just in case that's an issue here. > > -- > Paul Heinlein > heinlein at madboa.com > 45°38' N, 122°6' W > _______________________________________________ > Paul, Thanks. I thought the same thing. I have two CentOS 6.2 machines, hosts.allow and hosts.deny are blank on both, both get redirected traffic via the firewall in the same fashion. Yet you can connect to one on port 111 (RPC mapper) from the outside but not to the other! Boris.