Hi, I am sorry to disturb you. I've got your e-mails from the Shorewall mailing list. I have a problem - a Linux PC (at 192.168.0.1 + external IP) which runs 2-interface Shorewall (along with mail/web/ftp) cannot connect to the YP NIS server running on the internal network (192.168.0.11). ypbind requires portmapper (tcp/udp 111); ypbind itself uses randomly selected ports in the range 600-900 (you can obtain them through "rpcinfo -p localhost"). I have opened ALL tcp/udp ports from loc to fw, however, the ypbind client still cannot communicate with the server (even if I explicitly specify the NIS server IP). Any idea how to solve this problem? Thanks in advance for any suggestion(s).

*********************************************
* Best Regards --- Andrei Verovski *
* Personal Home Page *
* http://snow.prohosting.com/guru4mac/ *
* Mac, Linux, DTP, Development, IT WEB Site *
*********************************************
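Since the ypbind/ypserv ports are picked at random and registered with the portmapper, the narrowest rule set is the one derived from "rpcinfo -p" rather than "ALL tcp/udp ports". The script below is an added example, not from the thread: it parses rpcinfo output (the sample is constructed, not captured from either machine) and emits Shorewall-style ACCEPT lines for one RPC service plus portmapper; the zone names and column order follow Shorewall's rules file, and the rules must be regenerated whenever the service re-registers on a different port.

```shell
#!/bin/sh
# Constructed sample of "rpcinfo -p" output, as a NIS server would show it.
# Program 100000 is portmapper, 100007 is ypbind, 100004 is ypserv.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    681  ypbind
    100007    1   udp    681  ypbind
    100007    2   tcp    684  ypbind
    100007    1   tcp    684  ypbind
    100004    2   udp    775  ypserv
    100004    1   udp    775  ypserv
    100004    2   tcp    778  ypserv
    100004    1   tcp    778  ypserv'

# rpc_ports SERVICE: read rpcinfo -p output on stdin and print the unique
# "proto port" pairs registered for SERVICE. Portmapper (111) is always
# included because every RPC client must query it before anything else.
rpc_ports() {
    LC_ALL=C awk -v svc="$1" '$5 == svc || $5 == "portmapper" { print $3, $4 }' \
        | LC_ALL=C sort -u
}

# shorewall_rules SRC DST SERVICE: one ACCEPT line per proto/port, in the
# ACTION SOURCE DEST PROTO DEST-PORT column order of Shorewall's rules file.
# Only the ports actually registered are opened, not the whole 600-900 range.
shorewall_rules() {
    src=$1
    dst=$2
    rpc_ports "$3" | while read -r proto port; do
        printf 'ACCEPT\t%s\t%s\t%s\t%s\n' "$src" "$dst" "$proto" "$port"
    done
}

# Usage: rules for a ypbind client on the firewall (zone fw) reaching a
# ypserv in zone loc, from rpcinfo output collected against that server.
printf '%s\n' "$RPCINFO_SAMPLE" | shorewall_rules fw loc ypserv
```

Run "rpcinfo -p <server>" on the real host and pipe its output into shorewall_rules instead of the sample; the generated lines are only as current as the registration they were read from.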
I have a problem - a Linux PC (at 192.168.0.1 + external IP) which runs 2-interface Shorewall (along with mail/web/ftp) cannot connect to the YP NIS server running on the internal network (192.168.0.11).

Andrei,

First question - why do you want to NIS bind your firewall? It's not a really good idea to have anything other than local accounts active on the FW machine.

Damian
On Jan 28, 2004, at 15:57, Damian O'Hara wrote:
I have a problem - a Linux PC (at 192.168.0.1 + external IP) which runs 2-interface Shorewall (along with mail/web/ftp) cannot connect to the YP NIS server running on the internal network (192.168.0.11).

Andrei,

First question - why do you want to NIS bind your firewall? It's not a really good idea to have anything other than local accounts active on the FW machine.

Our accounts are stored on the NIS server which runs on an internal IP (192.168.0.11). We need the ypbind client on the firewall machine (2-net-interface PC) because we have the mail server running on it, and without the ypbind client user mail accounts will not be active.
Hi Andrei,

OK I understand. Running a NIS-bound mail server on a firewall machine is about the most dangerous place to put it. You're putting open services on the same machine that protects your network. Best thing is to move the mail server to another machine on the internal network. Really. There's been a lot of mail about this on the IPCop forums to name just one place.

If you HAVE to run it that way, is inetd or xinetd running on the firewall to intercept the port 111 requests? I don't have a copy of Shorewall to check with (IPCop user myself).

Damian