[CentOS] portmap/NIS mystery

Thu May 31 21:27:23 UTC 2012
Paul Heinlein <heinlein at madboa.com>

On Thu, 31 May 2012, Boris Epstein wrote:

> On Thu, May 31, 2012 at 5:08 PM, <m.roth at 5-cent.us> wrote:
>
>> Boris Epstein wrote:
>>> Hello all,
>>>
>>> I have a server on my private network that is configured as an NIS 
>>> server and mapped to a "public" IP address on a firewall. All 
>>> other TCP ports (SSH, iperf, you name it) are visible from the 
>>> outside - but the portmapper-managed ports (port 111 itself and 
>>> the YPSERV/YPXFRD ports, etc.) are not visible from the outside - 
>>> even though they are alive and well on the internal network.
>>>
>>> So, here's the question: is there anything special as far as 
>>> portmapper's networking/security setup that is at play here?
>>>
>> Is it open to the correct destination in iptables?
>>
>
> I believe so. Basically, iptables is set to forward any and all 
> traffic arriving on an external public IP to the internal private 
> one. For multiple ports it seems to work fine. I use the same 
> approach to forward NFS mounts to a private NFS server on the same 
> private network - and that works like a charm which actually makes 
> it even more mysterious, IMO.

I'll note that access to portmap can be manipulated via 
/etc/hosts.{allow,deny}, just in case that's an issue here.

-- 
Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W
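
Added example, not part of the original message: a simplified Python model of how TCP wrappers evaluate /etc/hosts.allow and /etc/hosts.deny for the `portmap` daemon, useful for checking whether a rule set would admit internal clients but refuse external ones. The function names, file contents and addresses are constructed for illustration; only IPv4 patterns of the forms `ALL`, exact address, trailing-dot prefix and net/mask are handled (no `EXCEPT`, no hostnames).

```python
import ipaddress

def _tokens(field):
    # Lists in hosts.allow/hosts.deny are separated by blanks and/or commas.
    return field.replace(",", " ").split()

def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask, e.g. "10.0.0.0/255.0.0.0"
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False
    return pattern == ip             # exact address; hostnames never match here

def _file_matches(text, daemon, ip):
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")      # daemon_list : client_list [: command]
        if len(parts) < 2:
            continue
        daemons, clients = _tokens(parts[0]), _tokens(parts[1])
        if (daemon in daemons or "ALL" in daemons) and \
                any(_client_matches(c, ip) for c in clients):
            return True
    return False

def wrappers_verdict(allow_text, deny_text, daemon, ip):
    # Order of evaluation: a match in hosts.allow grants access; otherwise a
    # match in hosts.deny refuses it; with no match in either, access is granted.
    if _file_matches(allow_text, daemon, ip):
        return "allow"
    if _file_matches(deny_text, daemon, ip):
        return "deny"
    return "allow"

# Constructed sample files: portmap limited to the private LAN and loopback.
SAMPLE_ALLOW = "# constructed example\nportmap: 192.168.1., 127.0.0.1\n"
SAMPLE_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for client in ("192.168.1.20", "203.0.113.7"):
        print(client, wrappers_verdict(SAMPLE_ALLOW, SAMPLE_DENY, "portmap", client))
```

With this constructed rule set, a LAN client is admitted while a forwarded connection that still carries an outside source address is refused, even though the firewall passes the packets.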