05-31-2012, 09:05 PM
Boris Epstein

portmap/NIS mystery

Hello all,

I have a server on my private network that is configured as an NIS server
and mapped to a "public" IP address on a firewall. All other TCP ports
(SSH, iperf, you name it) are visible from the outside - but the
portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
etc.) are not visible from the outside - even though they are alive and
well on the internal network.

So, here's the question: is there anything special as far as portmapper's
networking/security setup that is at play here?

Thanks.

Boris.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
05-31-2012, 09:08 PM

portmap/NIS mystery

Boris Epstein wrote:
> Hello all,
>
> I have a server on my private network that is configured as an NIS server
> and mapped to a "public" IP address on a firewall. All other TCP ports
> (SSH, iperf, you name it) are visible from the outside - but the
> portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
> etc.) are not visible from the outside - even though they are alive and
> well on the internal network.
>
> So, here's the question: is there anything special as far as portmapper's
> networking/security setup that is at play here?
>
Is it open to the correct destination in iptables?

mark

 
05-31-2012, 09:15 PM
Boris Epstein

portmap/NIS mystery

On Thu, May 31, 2012 at 5:08 PM, <m.roth@5-cent.us> wrote:

> Boris Epstein wrote:
> > Hello all,
> >
> > I have a server on my private network that is configured as an NIS server
> > and mapped to a "public" IP address on a firewall. All other TCP ports
> > (SSH, iperf, you name it) are visible from the outside - but the
> > portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
> > etc.) are not visible from the outside - even though they are alive and
> > well on the internal network.
> >
> > So, here's the question: is there anything special as far as portmapper's
> > networking/security setup that is at play here?
> >
> Is it open to the correct destination in iptables?
>
> mark
>

I believe so. Basically, iptables is set to forward any and all traffic
arriving on an external public IP to the internal private one. For multiple
ports it seems to work fine. I use the same approach to forward NFS mounts
to a private NFS server on the same private network - and that works like a
charm which actually makes it even more mysterious, IMO.

Boris.
 
05-31-2012, 09:27 PM
Paul Heinlein

portmap/NIS mystery

On Thu, 31 May 2012, Boris Epstein wrote:

> On Thu, May 31, 2012 at 5:08 PM, <m.roth@5-cent.us> wrote:
>
>> Boris Epstein wrote:
>>
>>> Hello all,
>>>
>>> I have a server on my private network that is configured as an NIS
>>> server and mapped to a "public" IP address on a firewall. All
>>> other TCP ports (SSH, iperf, you name it) are visible from the
>>> outside - but the portmapper-managed ports (port 111 itself and
>>> the YPSERV/YPXFRD ports, etc.) are not visible from the outside -
>>> even though they are alive and well on the internal network.
>>>
>>> So, here's the question: is there anything special as far as
>>> portmapper's networking/security setup that is at play here?
>>
>> Is it open to the correct destination in iptables?
>
> I believe so. Basically, iptables is set to forward any and all
> traffic arriving on an external public IP to the internal private
> one. For multiple ports it seems to work fine. I use the same
> approach to forward NFS mounts to a private NFS server on the same
> private network - and that works like a charm which actually makes
> it even more mysterious, IMO.

I'll note that access to portmap can be manipulated via
/etc/hosts.{allow,deny}, just in case that's an issue here.


--
Paul Heinlein
heinlein@madboa.com
4538' N, 1226' W
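
The /etc/hosts.{allow,deny} check mentioned above, as an added example that is not part of the original post: a simplified evaluator for the tcp_wrappers decision order (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted). It handles numeric address patterns only; the sample rules, addresses and function names are constructed, the daemon name is assumed to be `portmap` or `rpcbind` depending on which binary the system runs, and `EXCEPT`, hostname patterns and shell-command fields are not handled.

```python
import ipaddress

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")          # a third field (shell command) is ignored
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):             # prefix form, e.g. "192.168."
        return addr.startswith(pattern)
    if "/" in pattern:                    # net/mask form, e.g. 10.0.0.0/255.0.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr                # exact address; hostnames never match

def rule_hits(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, addr) for c in clients)
               for daemons, clients in rules)

def access(allow_text, deny_text, daemon, addr):
    """tcp_wrappers order: allow match, then deny match, else allow."""
    if rule_hits(parse_rules(allow_text), daemon, addr):
        return "allow"
    if rule_hits(parse_rules(deny_text), daemon, addr):
        return "deny"
    return "allow"

# Constructed sample files: portmapper limited to loopback and one LAN.
ALLOW = "rpcbind: 127.0.0.1, 192.168.10.0/255.255.255.0\n"
DENY = "rpcbind: ALL\n"

def demo():
    return {
        "lan": access(ALLOW, DENY, "rpcbind", "192.168.10.25"),
        "outside": access(ALLOW, DENY, "rpcbind", "203.0.113.7"),
        "empty_files": access("", "", "rpcbind", "203.0.113.7"),
        # A deny rule naming a daemon that is not the running one has no effect.
        "wrong_daemon": access("", "portmap: ALL\n", "rpcbind", "203.0.113.7"),
    }
```

Empty files evaluate to "allow" for every client, so tcp_wrappers only explains a blocked port 111 when one of the two files actually carries a rule matching the running daemon's name.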
 
05-31-2012, 10:09 PM
Boris Epstein

portmap/NIS mystery

On Thu, May 31, 2012 at 5:27 PM, Paul Heinlein <heinlein@madboa.com> wrote:

> On Thu, 31 May 2012, Boris Epstein wrote:
>
> On Thu, May 31, 2012 at 5:08 PM, <m.roth@5-cent.us> wrote:
>>
>> Boris Epstein wrote:
>>>
>>>> Hello all,
>>>>
>>>> I have a server on my private network that is configured as an NIS
>>>> server and mapped to a "public" IP address on a firewall. All other TCP
>>>> ports (SSH, iperf, you name it) are visible from the outside - but the
>>>> portmapper-managed ports (port 111 itself and the YPSERV/YPXFRD ports,
>>>> etc.) are not visible from the outside - even though they are alive and
>>>> well on the internal network.
>>>>
>>>> So, here's the question: is there anything special as far as
>>>> portmapper's networking/security setup that is at play here?
>>>>
>>>> Is it open to the correct destination in iptables?
>>>
>>>
>> I believe so. Basically, iptables is set to forward any and all traffic
>> arriving on an external public IP to the internal private one. For multiple
>> ports it seems to work fine. I use the same approach to forward NFS mounts
>> to a private NFS server on the same private network - and that works like a
>> charm which actually makes it even more mysterious, IMO.
>>
>
> I'll note that access to portmap can be manipulated via
> /etc/hosts.{allow,deny}, just in case that's an issue here.
>
> --
> Paul Heinlein
> heinlein@madboa.com
> 4538' N, 1226' W

Paul,

Thanks. I thought the same thing. I have two CentOS 6.2 machines,
hosts.allow and hosts.deny are blank on both, both get redirected traffic
via the firewall in the same fashion. Yet you can connect to one on port
111 (RPC mapper) from the outside but not to the other!

Boris.