Bug 61375 - iptables NIS (ypbind)
Status: CLOSED DEFERRED
Product: Red Hat Linux
Classification: Retired
Component: anaconda
Version: 7.3
Hardware: alpha Linux
Priority: medium
Severity: medium
Assigned To: Beth Uptagrafft
Brock Organ
Reported: 2002-03-18 14:08 EST by George France
Modified: 2007-04-18 12:41 EDT
Last Closed: 2002-03-18 14:42:10 EST
Description George France 2002-03-18 14:08:54 EST
Description of Problem:

If you do an installation with the default firewall rules and set up NIS (ypbind)
to use a ypserver, you will get a bootable system that will not be able to find
the ypserver due to restrictions in the firewall. This is a serious problem if
you have no users locally defined.

How Reproducible:

always.

Expected Results:

The firewall should have NIS rules for a ypserver / client when NIS is set up.

--George
Comment 1 Phil Copeland 2002-04-22 00:15:28 EDT
The only item in NIS that has a static port number is portmapper (111).
As soon as the other services (ypbind, ypserv, yppasswdd, etc.) register themselves
with portmap, the portmapper (true to its name) assigns an arbitrary port to the
service. When someone wants, say, the yppasswd service, the connection is first
made to portmapper to look up the port on which that service is running on the
machine. After the client is told what the port number is, it opens a NEW
connection to that port, at which point the iptables deny rules will probably
kick in. Consider the start/stops below as a system reboot; notice how the port
number jumps around.

[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ; service yppasswdd start
    100009    1   udp    965  yppasswdd
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ; service yppasswdd start
    100009    1   udp    996  yppasswdd
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]
[root@alpha3 /root]# pmap_dump | grep yppasswdd ; service yppasswdd stop ; service yppasswdd start
    100009    1   udp    360  yppasswdd
Stopping YP passwd service:                                [  OK  ]
Starting YP passwd service:                                [  OK  ]


I see no available mechanism that will allow me to provide a suitable iptables
statement to encompass this dynamic of NIS, unless you can think of something I
haven't.

Phil
=--=
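
Added example, not part of the bug report or of the comment above: a shell function that reads a portmapper dump in the column layout shown in Comment 1 and prints iptables rules admitting replies from the NIS ports registered at that moment. The function names, the sample dump and the server address 192.0.2.10 are constructed for illustration; the rules are printed for review, not applied.

```shell
#!/bin/sh
# Assumption: input columns are program, version, protocol, port, service,
# as printed by pmap_dump above (a header line, if present, is skipped).

# RPC program numbers: 100000 portmapper, 100004 ypserv,
# 100007 ypbind, 100009 yppasswdd.
NIS_PROGRAMS="100000 100004 100007 100009"

# nis_rules SERVER_IP
# Reads a portmapper dump on stdin and prints one rule per distinct
# (protocol, port) pair registered by a NIS-related program.
nis_rules() {
    server="$1"
    awk -v server="$server" -v progs="$NIS_PROGRAMS" '
        BEGIN { n = split(progs, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        # Skip headers and malformed lines: program and port must be numeric.
        $1 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }
        ($3 != "udp" && $3 != "tcp") || !($1 in want) { next }
        $4 < 1 || $4 > 65535 { next }
        {
            key = $3 ":" $4
            if (seen[key]++) next    # several versions can share one port
            printf "iptables -A INPUT -p %s -s %s --sport %s -j ACCEPT\n", $3, server, $4
        }'
}

# Constructed sample dump; the nfs line must not produce a rule.
sample_dump() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100009    1   udp    965  yppasswdd
    100003    3   udp   2049  nfs
EOF
}

sample_dump | nis_rules 192.0.2.10
```

Rules produced this way match on source address and source port only, and they go stale as soon as a service re-registers on a different port, which is the behaviour the transcript above shows.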
