Re: Setting up NIS questions?

2006-05-23 Thread David Robillard

I have 2 NICS in the master node of a small cluster.
bge0 is connected to the outside world with a FQDN
and registered DNS IP address.  bge1 is connected to
a 192.168.0.x internal network.  I'm trying to configure
NIS for the internal network, but ypinit is grabbing the
FQDN.  I've read the Handbook and ypinit manual page
without too much enlightenment. :(

What I'm after is

192.168.0.10  NIS master server
192.168.0.11  NIS slave server
192.168.0.[12-15] NIS clients

Anyone have a pointer to a method to achieve my goals.


I would _strongly_ suggest that you run your firewall from another
machine instead of using your NIS master for this. This really is
Security 101 :)
Check out OpenBSD with pf for this purpose or use a Cisco PIX (you can
find several on eBay).

But if you don't want to or can't do this, why don't you set up a jail for your
NIS master? You can bind the jail to the RFC 1918 IP address range.
Therefore, starting up ypbind inside the jail would only see the
192.168.0/24 network and bind to it. See jail(8), jls(8) and jexec(8).
You might also want to check mount_nullfs(8) to help you with the
jail's ports tree. If you need help with the jail setup, feel free to
email me off the list.

David

--
David Robillard
UNIX systems administrator
CISSP
Sun Certified Security Administrator
Sun Certified Systems Administrator
Montreal: +1 514 966 0122
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Setting up NIS questions?

2006-05-20 Thread Steve Kargl
On Sat, May 20, 2006 at 12:33:21PM -0400, Chuck Swiger wrote:
> Steve Kargl wrote:
> >I can't even get NIS set up with ypinit.  It unconditionally
> >uses /bin/hostname, which will grab the FQDN of the system.
> >You have given me an idea.  I can change rc.conf to set hostname
> >to the name I've given 192.168.0.10, put that on bge0, put 
> >the IP address associated with the FQDN on bge1, and reboot.
> >This might permit NIS to come up.  Though this seems like a hack,
> >because when someone connects to the system via the FQDN, 
> >/bin/hostname will give the wrong answer.
> 
> Associating the ypdomain with the FQDN from the DNS is convenient, and a 
> convention that many follow, but it is not required, by any means.  The 
> O'Reilly "Managing NIS and NFS" book is a fine reference on this sort of 
> thing, BTW, and is probably available online in PDF form if you look.

Thanks for the pointer.  I'll go looking for this book.

> Nevertheless, YP/NIS predates many of the more convoluted network 
> designs that people set up nowadays, and was intended for machines which 
> have a single identity even if they have multiple NICs-- Sun used to 
> assign the same MAC address to all NICs on one machine, to ensure that 
> people respected collision domains.

I don't see how this is convoluted.  In fact, I would be inclined
to claim that it is the de facto method for setting up an internal
computational cluster:

                                 s  <---> node1
internet <-F-> FQDN|master <---> w  <---> node2
                                 t  <---> node3

where swt = switch.

> It is not normally desirable to set up a YP/NIS master server on
> a machine which is multihomed in the sense of doing NAT or needing
> a firewall to separate internal from external, and obviously a
> firewall machine running zero or the minimal necessary services is
> a lot more secure.

Note that <-F-> actually has at least one firewall.  Only people in
the apl.washington.edu domain can get to FQDN.  I was hoping to 
use NIS to simplify the propagation of info (eg., passwd, hosts,
etc.) from master to the nodes.  Propagating the info by hand
isn't too bad because I only have five nodes presently.  However,
I hope to grow an additional 11 nodes.

-- 
Steve


Re: Setting up NIS questions?

2006-05-20 Thread Chuck Swiger

Steve Kargl wrote:

I can't even get NIS set up with ypinit.  It unconditionally
uses /bin/hostname, which will grab the FQDN of the system.
You have given me an idea.  I can change rc.conf to set hostname
to the name I've given 192.168.0.10, put that on bge0, put 
the IP address associated with the FQDN on bge1, and reboot.

This might permit NIS to come up.  Though this seems like a hack,
because when someone connects to the system via the FQDN, 
/bin/hostname will give the wrong answer.


Associating the ypdomain with the FQDN from the DNS is convenient, and a 
convention that many follow, but it is not required, by any means.  The 
O'Reilly "Managing NIS and NFS" book is a fine reference on this sort of 
thing, BTW, and is probably available online in PDF form if you look.


Nevertheless, YP/NIS predates many of the more convoluted network 
designs that people set up nowadays, and was intended for machines which 
have a single identity even if they have multiple NICs-- Sun used to 
assign the same MAC address to all NICs on one machine, to ensure that 
people respected collision domains.  It is not normally desirable to set 
up a YP/NIS master server on a machine which is multihomed in the sense 
of doing NAT or needing a firewall to separate internal from external, 
and obviously a firewall machine running zero or the minimal necessary 
services is a lot more secure.


--
-Chuck

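A worked example added here, not code from anyone in the thread and not FreeBSD's own, for the two points made above: Chuck's, that the NIS domain name is independent of the DNS name, and David's, that the master should only serve the 192.168.0/24 side. It writes the rc.conf fragments with the domain name set on its own and ypbind pinned to the master's internal address, and it models the check ypserv(8) performs against /var/yp/securenets so the rule set for the cluster can be tested before it is deployed. The domain name "cluster.nis", the address 203.0.113.9 used as a constructed outside host, and the securenets line layout (network followed by netmask, as in the FreeBSD Handbook's NIS chapter; confirm against ypserv(8) on your release) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from FreeBSD's ypserv. It models the
# client check ypserv(8) makes against /var/yp/securenets and emits rc.conf
# fragments for the hosts in the thread. Assumptions: FreeBSD's securenets
# layout of one "network netmask" pair per line with '#' comments, the
# hypothetical NIS domain "cluster.nis", and 203.0.113.9 as an outside host.

# Constructed /var/yp/securenets for the master at 192.168.0.10.
SECURENETS='
# loopback is required: ypserv, yppush and ypxfr talk to the local server
127.0.0.1       255.255.255.255
# the internal cluster network on bge1; nothing reachable via bge0 is listed
192.168.0.0     255.255.255.0
'

# ip2int 192.168.0.10 -> 3232235530; fails on anything but a dotted quad
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows CLIENT_IP: returns 0 if some rule's network/netmask
# covers the client (ypserv answers), 1 if none does (ypserv refuses).
# The loop reads from a here-document so it runs in the current shell.
securenets_allows() {
    client=$(ip2int "$1") || return 1
    matched=1
    while read -r net mask rest; do
        case $net in ''|'#'*) continue ;; esac
        n=$(ip2int "$net") || continue
        m=$(ip2int "$mask") || continue
        if [ $(( client & m )) -eq $(( n & m )) ]; then
            matched=0
            break
        fi
    done <<EOF
$SECURENETS
EOF
    return $matched
}

# rc.conf fragments for the three roles in the thread. nisdomainname is set
# on its own and need not equal the DNS domain; ypbind -S pins each client
# to the servers' internal addresses instead of broadcasting for one.
rc_conf_fragment() {
    case $1 in
    master)
        printf '%s\n' 'nisdomainname="cluster.nis"' \
            'nis_server_enable="YES"' \
            'nis_client_enable="YES"' \
            'nis_client_flags="-S cluster.nis,192.168.0.10"' ;;
    slave)
        printf '%s\n' 'nisdomainname="cluster.nis"' \
            'nis_server_enable="YES"' \
            'nis_client_enable="YES"' \
            'nis_client_flags="-S cluster.nis,192.168.0.11,192.168.0.10"' ;;
    client)
        printf '%s\n' 'nisdomainname="cluster.nis"' \
            'nis_client_enable="YES"' \
            'nis_client_flags="-S cluster.nis,192.168.0.10,192.168.0.11"' ;;
    *)  return 1 ;;
    esac
}

# Stand-alone run: the cluster addresses from the thread, loopback, a host
# on a neighbouring private subnet and the constructed outside address.
for ip in 192.168.0.10 192.168.0.11 192.168.0.12 192.168.0.15 \
          127.0.0.1 192.168.1.7 203.0.113.9; do
    if securenets_allows "$ip"; then
        echo "allow $ip"
    else
        echo "deny  $ip"
    fi
done
```

Run it with sh; it touches nothing on the live system. securenets only restricts which source addresses ypserv will answer; it does not authenticate clients, and the maps still travel over RPC in clear text, so the firewall between bge0 and the cluster network is still needed.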


Re: Setting up NIS questions?

2006-05-20 Thread Steve Kargl
On Fri, May 19, 2006 at 05:55:22PM -0500, Derek Ragona wrote:
> At 05:48 PM 5/19/2006, Steve Kargl wrote:
>>I have 2 NICS in the master node of a small cluster.
>>bge0 is connected to the outside world with a FQDN
>>and registered DNS IP address.  bge1 is connected to
>>a 192.168.0.x internal network.  I'm trying to configure
>>NIS for the internal network, but ypinit is grabbing the
>>FQDN.  I've read the Handbook and ypinit manual page
>>without too much enlightenment. :(
>>
>>What I'm after is
>>
>>192.168.0.10  NIS master server
>>192.168.0.11  NIS slave server
>>192.168.0.[12-15] NIS clients
>>
>>Anyone have a pointer to a method to achieve my goals.
>>
>>
> If memory serves YP will grab the first interface.  If you switch the 
> stacks/IPs on the interfaces I think you will get what you want.
> 

I can't even get NIS set up with ypinit.  It unconditionally
uses /bin/hostname, which will grab the FQDN of the system.
You have given me an idea.  I can change rc.conf to set hostname
to the name I've given 192.168.0.10, put that on bge0, put 
the IP address associated with the FQDN on bge1, and reboot.
This might permit NIS to come up.  Though this seems like a hack,
because when someone connects to the system via the FQDN, 
/bin/hostname will give the wrong answer.

-- 
Steve


Re: Setting up NIS questions?

2006-05-19 Thread Lawrence Horvath

There isn't a way to specify which IP or interface NIS will bind to?

On 5/19/06, Derek Ragona <[EMAIL PROTECTED]> wrote:

If memory serves YP will grab the first interface.  If you switch the
stacks/IPs on the interfaces I think you will get what you want.

 -Derek


At 05:48 PM 5/19/2006, Steve Kargl wrote:
>I have 2 NICS in the master node of a small cluster.
>bge0 is connected to the outside world with a FQDN
>and registered DNS IP address.  bge1 is connected to
>a 192.168.0.x internal network.  I'm trying to configure
>NIS for the internal network, but ypinit is grabbing the
>FQDN.  I've read the Handbook and ypinit manual page
>without too much enlightenment. :(
>
>What I'm after is
>
>192.168.0.10  NIS master server
>192.168.0.11  NIS slave server
>192.168.0.[12-15] NIS clients
>
>Anyone have a pointer to a method to achieve my goals.
>
>--
>Steve


--
-Lawrence


Re: Setting up NIS questions?

2006-05-19 Thread Derek Ragona
If memory serves YP will grab the first interface.  If you switch the 
stacks/IPs on the interfaces I think you will get what you want.


-Derek


At 05:48 PM 5/19/2006, Steve Kargl wrote:

I have 2 NICS in the master node of a small cluster.
bge0 is connected to the outside world with a FQDN
and registered DNS IP address.  bge1 is connected to
a 192.168.0.x internal network.  I'm trying to configure
NIS for the internal network, but ypinit is grabbing the
FQDN.  I've read the Handbook and ypinit manual page
without too much enlightenment. :(

What I'm after is

192.168.0.10  NIS master server
192.168.0.11  NIS slave server
192.168.0.[12-15] NIS clients

Anyone have a pointer to a method to achieve my goals.

--
Steve

