Re: Firewall and NIS

From: Eric Vanborren (Eric.Vanborren@cetelem.fr)
Date: 09/07/01


Message-ID: <3B988FC2.6569F35F@cetelem.fr>
Date: Fri, 07 Sep 2001 11:13:38 +0200
From: Eric Vanborren <Eric.Vanborren@cetelem.fr>
To: security-discuss@linuxsecurity.com
Subject: Re: Firewall and NIS

I fully agree with Antonomasia,
except I use "rsync -e ssh" for periodic updates.

Antonomasia wrote:
>
> From: "Jin Mao" <jinsecurity@hotmail.com>
>
> > I have a NIS server behind the firewall DMZ port and NIS clients
> > outside the firewall. The client computer will mount users home
> > directory after user logged in. The firewall is Sonicwall XPRS2.
>
> > I set allow all traffic (all ports) from the subnet where NIS
> > clients stay in to the NIS server. Now, the user can log in,
> > an error message "nfs: server not responding, timed out." keeps
> > showing. I tried log in with local root account and noticed
> > that the volume is mounted but no contents there.
>
> I suggest trying hard to avoid NIS or NFS through a firewall.
>
> How about two NIS "masters"; one inside and one outside with
> periodic updates via rdist/ssh or something?
>
> --
> ##############################################################
> # Antonomasia ant notatla.demon.co.uk #
> # See http://www.notatla.demon.co.uk/ #
> ##############################################################
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.

-- 
Regards			CETELEM - Equipe système Unix / Xnet -
Eric Vanborren		20 av. Georges Pompidou - 92595 Levallois Perret - FRANCE
			Tél: [33] (0)1.46.39-2329   e-mail: admxnet@cetelem.fr
		May The OpenSource be with you !