Bug 61375
Summary: | iptables NIS (ypbind) | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | George France <france> |
Component: | anaconda | Assignee: | Beth Uptagrafft <bhu> |
Status: | CLOSED DEFERRED | QA Contact: | Brock Organ <borgan> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.3 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | alpha | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2002-03-18 19:42:10 UTC | Type: | --- |
Description
George France
2002-03-18 19:08:54 UTC
The only item in NIS that has a static port number is portmapper (111). As soon as the other services (ypbind, ypserv, yppasswdd, etc.) register themselves with portmap, the portmapper (true to its name) assigns an arbitrary port to the service. When someone wants, say, the yppasswd service, the connection is first made to portmapper to look up the port on which that service is running on the machine. After the client is told what the port number is, it opens a NEW connection to that port, at which point the iptables deny rules will probably kick in.

Consider the start/stops below as a system reboot, and notice how the port number jumps around.

```
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ; service yppasswdd start
100009 1 udp 965 yppasswdd
Stopping YP passwd service: [ OK ]
Starting YP passwd service: [ OK ]
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ; service yppasswdd start
100009 1 udp 996 yppasswdd
Stopping YP passwd service: [ OK ]
Starting YP passwd service: [ OK ]
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ; service yppasswdd start
100009 1 udp 360 yppasswdd
Stopping YP passwd service: [ OK ]
Starting YP passwd service: [ OK ]
```

I see no available mechanism that will allow me to provide a suitable iptables statement to encompass this dynamic of NIS unless you can think of something I haven't.

Phil
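The port lookup described in the report can be turned into firewall rules by reading the portmapper table at the moment the rules are built. The following is an added example, not part of the original report or of anaconda: the function name `nis_rules`, the service list, the `INPUT` chain and the source network `192.0.2.0/24` are assumptions, and the sample table is constructed (only the `yppasswdd` line matches the report).

```shell
#!/bin/sh
# Build iptables ACCEPT rules from pmap_dump-style output read on stdin.
# Input line format, as in the report: <program> <version> <proto> <port> <name>
# NIS_SERVICES is an assumed list; adjust it to the daemons actually in use.
NIS_SERVICES="ypserv ypbind yppasswdd ypxfrd"

nis_rules() {
    src="$1"   # network allowed to reach NIS (assumed placeholder value)
    # portmapper is the one fixed port (111), so it is always allowed
    printf '%s\n' "-A INPUT -s $src -p udp --dport 111 -j ACCEPT"
    printf '%s\n' "-A INPUT -s $src -p tcp --dport 111 -j ACCEPT"
    awk -v src="$src" -v wanted="$NIS_SERVICES" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        # accept only well-formed lines for the wanted services
        NF >= 5 && ($5 in ok) && ($3 == "udp" || $3 == "tcp") &&
        $4 ~ /^[0-9]+$/ && $4 > 0 && $4 < 65536 {
            key = $3 "/" $4
            if (!(key in seen)) {        # several RPC versions share one port
                seen[key] = 1
                printf "-A INPUT -s %s -p %s --dport %s -j ACCEPT\n", src, $3, $4
            }
        }'
}

# Constructed sample of a portmapper table
sample_pmap() {
cat <<'EOF'
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100009    1   udp    965  yppasswdd
    100004    2   udp    812  ypserv
    100004    1   udp    812  ypserv
    100004    2   tcp    815  ypserv
    100021    1   udp  32768  nlockmgr
EOF
}

# Print the rules only; nothing is applied to the running firewall
sample_pmap | nis_rules 192.0.2.0/24
```

The rules are valid only for the current registrations, so they have to be regenerated whenever a NIS service restarts and picks up a new port, which is the limitation the report describes.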