Raf,
My NIS Server is NOT outside my firewall! It is intended only for use
internally. I do not understand why ypbind is triggering a rule that is
checking my EXTIF! Does ypbind do a general broadcast across all available
interfaces? The rule is intended to trap RPC outbound on my EXTIF - and it's
doing that quite admirably. But how do I tell ypbind to shut up?
...Jake
>>>>> "raf" == raf <[EMAIL PROTECTED]> writes:
>> Jake Colman wrote:
>>
>> > I am using the ipchains ruleset from TrinityOS and cannot get ypbind
>> > to work. It insists on doing a broadcast on my EXTIF which, of
>> > course, is being rejected. Is there something I should be doing for
>> > this to work?
>>
>> don't put your nis server outside your firewall unless it is behind
>> another firewall. if it is behind another firewall, change the rules
>> of the internal firewall to allow the packets. the packet logs should
>> tell you what rules you need to add.
raf> i think this will not be easy. rpc is used so there could be all
raf> sorts of udp packets traversing the firewall and you might not be
raf> able to predict them which means allowing lots of udp (= bad) so
raf> make sure they are only allowed from the nis server host and nowhere
raf> else.
raf> but i'd strongly recommend not having your nis server outside the
raf> firewall if at all possible.
raf> raf
--
Jake Colman
Principia Partners LLC Phone: (201) 946-0300
Harborside Financial Center Fax: (201) 946-0320
902 Plaza II Beeper: (800) 928-4640
Jersey City, NJ 07311 E-mail: [EMAIL PROTECTED]
E-mail: [EMAIL PROTECTED]
web: http://www.ppllc.com
microsoft: "where do you want to go today?"
linux: "where do you want to go tomorrow?"
BSD: "are you guys coming, or what?"