* I don't have any direct experience with Firewall and NIS+...
but I found the following in "man ypbind":
-p port
ypbind will bind itself to this port. This makes
it possible to have a router filter packets to the
NIS ports, so that access to this service from
hosts on the Internet can be restricted.
* That seems to have to do with router filtering (firewalling) and
lets you set the specific port.
Also I'm thinking to myself (now out loud ;-) to go and see in the
INIT startup (on Linux SuSE 6.2 anyway) in /etc/rc.d and see what
gets started for service NISPLUS. So I go look at the file
/etc/rc.d/nisplus (and also /etc/rc.d/rpc ?) and find the "start"
sections. They seem to be firing up the following:
/usr/sbin/keyserv
/usr/sbin/nis_cachemgr
/usr/sbin/rpc.nisd
/usr/sbin/rpc.nispasswd
(I don't seem to have all of these things installed, probably because
I don't run NIS/NIS+ but it seems ypbind and ypserv are important...,
Ah! there is also an /etc/rc.d/ypserv startup script, and a ypclient
script which has "ypbind" called in it.)
Linux has a HOWTO for NIS Server in /usr/doc howto's. ypserv seems
to have the same "-p <port>" option that ypbind has. This might
lead you more in the right direction. Anyway probably good to consult
a reference like the HOWTO (or better?).
* Interestingly "sunrpc" is in /etc/services as both:
port 111 TCP and port 111 UDP
**** Disclaimer: The last and only time I ran NIS/NIS+ was on a job
where I had to clone all the services/software from one SunOS Intel
box to another. At that time I had access to a good reference book
on NIS/NIS+. I don't remember the name of the book but I was able
to get the service started on the clone machine and make it the MASTER.
I don't remember now what the hell I did ;-) I do remember that NIS
is derived from the old SUN "Yellow Pages" (hence the YP names in
the servers/clients) and requires Remote Procedure Calls (hence the
RPC named things
-------------------------------------------
Alan G. Spicer - CCNA |Unix, Linux, &
([EMAIL PROTECTED]) |Network Systems
([EMAIL PROTECTED]) |Administration
-------------------------------------------
-----Original Message-----
From: Royans Tharakan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 28, 2001 5:49 PM
To: [EMAIL PROTECTED]
Subject: Secure RPC & Nisplus over PIX/Firewall
Hi,
I can't seem to find any relevant documentation on SecureRPC port
usage for NIS+ client/server.
Has anyone configured Firewall/PIX to allow only NIS+ traffic
through ?
Can someone list the ports which it uses.. or guide me as to
where I can find anything relevant to this.
I'm using Sun for NIS+ server, and SUN and Linux for clients.
Solaris 8, RH 7.2
regards,
Royans
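
Added example, not part of the original thread or written by either poster: a shell check that reads `rpcinfo -p` output from the NIS server and reports which registered ports match the ports fixed with the "-p port" option from the man page excerpt above (safe to put in a static filter rule alongside sunrpc 111 TCP/UDP) and which are still assigned dynamically. The function names `sample_rpcinfo` and `nis_port_report`, the sample output and every port number other than 111 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (illustrative, not from the thread).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100004    2   tcp    834  ypserv
    100007    2   udp  32771  ypbind
    100007    2   tcp  32772  ypbind
EOF
}

# nis_port_report "svc=port svc=port ..."   (hypothetical helper)
# The argument lists the services started with "-p port" and the port given.
# Reads `rpcinfo -p` output on stdin and prints one line per proto/port/service:
#   ALLOW    registered on the pinned port: usable in a static filter rule
#   DRIFT    pinned, but currently registered on a different port
#   UNPINNED no fixed port: the portmapper may hand out a new one on restart
nis_port_report() {
    awk -v pinned="$1" '
        BEGIN {
            n = split(pinned, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
            want["portmapper"] = 111        # sunrpc: 111/tcp and 111/udp
        }
        $1 == "program" { next }            # header line
        NF < 4 { next }                     # blank or malformed line
        {
            name = (NF >= 5) ? $5 : "prog-" $1   # unnamed RPC program
            key = $3 "/" $4 "/" name
            if (seen[key]++) next           # several versions share one port
            if (!(name in want))          status = "UNPINNED"
            else if (want[name] == $4)    status = "ALLOW"
            else                          status = "DRIFT"
            printf "%s %s %s %s\n", status, $3, $4, name
        }'
}

# Stand-alone run against the constructed sample, with only ypserv pinned.
sample_rpcinfo | nis_port_report "ypserv=834"
```

On a real server, replace `sample_rpcinfo` with `rpcinfo -p` and rerun after each restart of the NIS daemons; any UNPINNED or DRIFT line means the filter rule and the running service no longer agree.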