Bug 61375

Summary: iptables NIS (ypbind)
Product: [Retired] Red Hat Linux
Reporter: George France <france>
Component: anaconda
Assignee: Beth Uptagrafft <bhu>
Status: CLOSED DEFERRED
QA Contact: Brock Organ <borgan>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.3
Target Milestone: ---
Target Release: ---
Hardware: alpha
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-03-18 19:42:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description George France 2002-03-18 19:08:54 UTC
Description of Problem:

If you do an installation with the default firewall rules and set up NIS (ypbind)
to use a ypserver, you will get a bootable system that will not be able to find
the ypserver due to restrictions in the firewall. This is a serious problem if
you have no users locally defined.

How Reproducible:

always.

Expected Results:

The firewall should have NIS rules for a ypserver / client when NIS is set up.

--George

Comment 1 Phil Copeland 2002-04-22 04:15:28 UTC
The only item in NIS that has a static port number is portmapper (111).
As soon as the other services (ypbind, ypserv, yppasswdd etc.) register themselves
with portmap, the portmapper (true to its name) assigns an arbitrary port to the
service. When someone wants, say, the yppasswd service, the connection is first
made to portmapper to look up the port on which that service is running on the
machine. After the client is told what the port number is, it opens a NEW
connection to that port, at which point the iptables deny rules will probably
kick in. Consider the start/stops below as a system reboot, and notice how the port
number jumps around.

[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ;
service yppasswdd start
    100009    1   udp    965  yppasswdd
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ;
service yppasswdd start
    100009    1   udp    996  yppasswdd
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ;
service yppasswdd start
    100009    1   udp    360  yppasswdd
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]


I see no available mechanism that will allow me to provide a suitable iptables
statement to encompass this dynamic of NIS, unless you can think of something I
haven't.

Phil
=--=
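The following script is an added illustration of the point made in Comment 1; it is not part of the bug report and not Red Hat code. It parses pmap_dump-style output (a constructed sample is embedded, modelled on the registrations shown above), emits iptables ACCEPT rules for the portmapper and for whatever ports ypbind holds at that moment, and checks whether a service's port has drifted between two snapshots. The NIS server address 192.0.2.10 is an assumption. Because the rules are derived from the live registration, they are only valid until the next service restart, which is exactly why an install-time rule set cannot cover NIS.

```shell
#!/bin/sh
# Added example (not from the bug report or Red Hat): read pmap_dump-style
# registrations and emit iptables rules for the ports currently in use.
# The NIS server address 192.0.2.10 is an assumption (documentation range).

# Constructed sample of pmap_dump output: program version proto port name.
SAMPLE_PMAP='    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    812  ypserv
    100004    2   tcp    815  ypserv
    100009    1   udp    965  yppasswdd
    100007    2   udp    846  ypbind
    100007    2   tcp    849  ypbind'

# rpc_ports NAME: read pmap_dump output on stdin, print "proto port" for each
# registration of NAME (one line per protocol).
rpc_ports() {
    awk -v svc="$1" '$5 == svc { print $3, $4 }'
}

# nis_rules SERVER [SNAPSHOT]: print iptables commands admitting traffic from
# SERVER to the portmapper and to the ypbind ports registered right now.
# SNAPSHOT is the pmap_dump text to read (defaults to the constructed sample);
# on a real host you would pass the output of `pmap_dump` or `rpcinfo -p`.
nis_rules() {
    server="$1"
    snapshot="${2:-$SAMPLE_PMAP}"
    for svc in portmapper ypbind; do
        printf '%s\n' "$snapshot" | rpc_ports "$svc" | while read -r proto port; do
            echo "iptables -A INPUT -p $proto -s $server --dport $port -j ACCEPT"
        done
    done
}

# port_drifted NAME OLD NEW: succeed (exit 0) if NAME's udp port differs
# between two snapshots, i.e. a rule written from OLD no longer matches.
port_drifted() {
    old=$(printf '%s\n' "$2" | rpc_ports "$1" | awk '$1 == "udp" { print $2 }')
    new=$(printf '%s\n' "$3" | rpc_ports "$1" | awk '$1 == "udp" { print $2 }')
    [ -n "$old" ] && [ -n "$new" ] && [ "$old" != "$new" ]
}

# Demonstration: a constructed second snapshot in which yppasswdd has been
# restarted and now holds port 996, as in the comment's second capture.
AFTER_RESTART='    100009    1   udp    996  yppasswdd'
if port_drifted yppasswdd "$SAMPLE_PMAP" "$AFTER_RESTART"; then
    echo "yppasswdd moved from its previous port; rules must be regenerated:"
fi
nis_rules 192.0.2.10
```

Run it as-is to see the four generated rules (two for portmapper, two for ypbind). Re-running after any ypbind restart produces a different set, which is the drift the comment demonstrates with yppasswdd.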