Re: [CentOS] portmap/NIS mystery

2012-05-31 Thread m . roth
Boris Epstein wrote:
> Hello all,
>
> I have a server on my private network that is configured as an NIS server
> and mapped to a public IP address on a firewall. All other TCP ports
> (SSH, iperf, you name it) are visible from the outside - but the
> portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
> etc.) are not visible from the outside - even though they are alive and
> well on the internal network.
>
> So, here's the question: is there anything special as far as portmapper's
> networking/security setup that is at play here?

Is it open to the correct destination in iptables?

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] portmap/NIS mystery

2012-05-31 Thread Boris Epstein
On Thu, May 31, 2012 at 5:08 PM, m.r...@5-cent.us wrote:

> Boris Epstein wrote:
>> Hello all,
>>
>> I have a server on my private network that is configured as an NIS server
>> and mapped to a public IP address on a firewall. All other TCP ports
>> (SSH, iperf, you name it) are visible from the outside - but the
>> portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
>> etc.) are not visible from the outside - even though they are alive and
>> well on the internal network.
>>
>> So, here's the question: is there anything special as far as portmapper's
>> networking/security setup that is at play here?
>
> Is it open to the correct destination in iptables?
>
>   mark


I believe so. Basically, iptables is set to forward any and all traffic
arriving on an external public IP to the internal private one. For multiple
ports it seems to work fine. I use the same approach to forward NFS mounts
to a private NFS server on the same private network - and that works like a
charm which actually makes it even more mysterious, IMO.

Boris.


Re: [CentOS] portmap/NIS mystery

2012-05-31 Thread Paul Heinlein

On Thu, 31 May 2012, Boris Epstein wrote:

> On Thu, May 31, 2012 at 5:08 PM, m.r...@5-cent.us wrote:
>
>> Boris Epstein wrote:
>>
>>> Hello all,
>>>
>>> I have a server on my private network that is configured as an NIS
>>> server and mapped to a public IP address on a firewall. All
>>> other TCP ports (SSH, iperf, you name it) are visible from the
>>> outside - but the portmapper-managed ports (port 111 itself and
>>> the YPSERV/YPXFRD ports, etc.) are not visible from the outside -
>>> even though they are alive and well on the internal network.
>>>
>>> So, here's the question: is there anything special as far as
>>> portmapper's networking/security setup that is at play here?
>>
>> Is it open to the correct destination in iptables?
>
> I believe so. Basically, iptables is set to forward any and all
> traffic arriving on an external public IP to the internal private
> one. For multiple ports it seems to work fine. I use the same
> approach to forward NFS mounts to a private NFS server on the same
> private network - and that works like a charm which actually makes
> it even more mysterious, IMO.


I'll note that access to portmap can be manipulated via 
/etc/hosts.{allow,deny}, just in case that's an issue here.


--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W


Re: [CentOS] portmap/NIS mystery

2012-05-31 Thread Boris Epstein
On Thu, May 31, 2012 at 5:27 PM, Paul Heinlein heinl...@madboa.com wrote:

> On Thu, 31 May 2012, Boris Epstein wrote:
>
>> On Thu, May 31, 2012 at 5:08 PM, m.r...@5-cent.us wrote:
>>
>>> Boris Epstein wrote:
>>>
>>>> Hello all,
>>>>
>>>> I have a server on my private network that is configured as an NIS
>>>> server and mapped to a public IP address on a firewall. All other TCP
>>>> ports (SSH, iperf, you name it) are visible from the outside - but the
>>>> portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
>>>> etc.) are not visible from the outside - even though they are alive and
>>>> well on the internal network.
>>>>
>>>> So, here's the question: is there anything special as far as
>>>> portmapper's networking/security setup that is at play here?
>>>
>>> Is it open to the correct destination in iptables?
>>
>> I believe so. Basically, iptables is set to forward any and all traffic
>> arriving on an external public IP to the internal private one. For multiple
>> ports it seems to work fine. I use the same approach to forward NFS mounts
>> to a private NFS server on the same private network - and that works like a
>> charm which actually makes it even more mysterious, IMO.
>
> I'll note that access to portmap can be manipulated via
> /etc/hosts.{allow,deny}, just in case that's an issue here.
>
> --
> Paul Heinlein
> heinl...@madboa.com
> 45°38' N, 122°6' W


Paul,

Thanks. I thought the same thing. I have two CentOS 6.2 machines,
hosts.allow and hosts.deny are blank on both, both get redirected traffic
via the firewall in the same fashion. Yet you can connect to one on port
111 (RPC mapper) from the outside but not to the other!

Boris.
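
The /etc/hosts.{allow,deny} check raised in the thread, as an added example that is not part of any poster's message: a small evaluator for the TCP wrappers decision order (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted), which also shows why two blank files block nothing. It handles only an IPv4 subset of the client patterns; the function names, the daemon name `rpcbind`, and the sample rules and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample rules and addresses; "rpcbind" is the assumed daemon name.
SAMPLE_ALLOW = "rpcbind: 192.168.1.0/255.255.255.0\n"
SAMPLE_DENY = "# block everyone else\nrpcbind: ALL\n"

def client_matches(pattern, ip):
    """Match one client pattern (IPv4 subset of hosts_access(5)) against ip."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask form
        try:
            net = ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
        return ipaddress.ip_address(ip) in net
    return pattern == ip                 # exact address

def rule_matches(line, daemon, ip):
    """True if a 'daemon_list : client_list' line covers this daemon and ip."""
    line = line.split("#", 1)[0].strip()
    if ":" not in line:
        return False
    daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
    if daemon not in daemons and "ALL" not in daemons:
        return False
    return any(client_matches(c, ip) for c in clients)

def wrappers_verdict(allow_text, deny_text, daemon, ip):
    """Apply the hosts_access order: allow match, then deny match, else allow."""
    if any(rule_matches(l, daemon, ip) for l in allow_text.splitlines()):
        return "allow (hosts.allow)"
    if any(rule_matches(l, daemon, ip) for l in deny_text.splitlines()):
        return "deny (hosts.deny)"
    return "allow (no matching rule)"

if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.7"):
        print(ip, wrappers_verdict(SAMPLE_ALLOW, SAMPLE_DENY, "rpcbind", ip))
    print("blank files:", wrappers_verdict("", "", "rpcbind", "203.0.113.7"))
```

To check a real host, pass the contents of its /etc/hosts.allow and /etc/hosts.deny as the first two arguments.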