On Tue, Mar 02, 1999 at 06:39:27PM +1000, Peter Ludwig wrote:
> The Client machine needs to have its default gateway set as your
> gateway/host machine. Oops... forgot an important detail before, you'll
> need to allow the IP number for your client machine as part of the allowed
> systems in your hosts.allow file for portmap:
> [hosts.allow snipped]
> <start of file>
> # /etc/hosts.deny: list of hosts that are _not_ allowed to access the
> #                  system.
> # See the manual pages hosts_access(5), hosts_options(5)
> # and /usr/doc/netbase/portmapper.txt.gz
> #
> # Example: ALL: some.host.name, .some.domain
> # ALL EXCEPT in.fingerd: other.host.name, .other.domain
> #
> # If you're going to protect the portmapper use the name "portmap" for the
> # daemon name. Remember that you can only use the keyword "ALL" and IP
> # addresses (NOT host or domain names) for the portmapper. See portmap(8)
> # and /usr/doc/netbase/portmapper.txt.gz for further information.
> #
> # The PARANOID wildcard matches any host whose name does not match its
> # address.
> portmap: ALL
>
> <end of file>

Ahem - this way you block portmap from the outside but let everything
else in. That's bad! And, of course - portmap alone will not buy you
anything, you will need to enable rpc.mountd and rpc.nfsd to the inside
too.

> These files are VERY important, without them set up correctly, no matter
> what I did I couldn't do anything.

With your setup you could do nearly everything.

> For your information portmap refers to the gateway/hosts DNS server, and
> the above files should be on the gateway/host.

portmap is not a dns server. The dns is called named. portmap is a
program to enable remote procedure calls (rpc) so you can use services
like network information system (nis) or network file system (nfs). You
do not want to open these to the outside!

Hope this helps

Torsten
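
The following is an added example, not part of the original message: a simplified Python model of the hosts_access(5) decision order (hosts.allow first, then hosts.deny, otherwise grant), showing why a hosts.deny containing only "portmap: ALL" leaves every other wrapped service open. The IP addresses and the hosts.allow contents are constructed assumptions, and the daemon names rpc.mountd and rpc.nfsd are taken from the message wording.

```python
# Simplified model of the hosts_access(5) decision order (TCP wrappers).
# Patterns handled: ALL, an exact IP, or a prefix ending in "." only.

def parse_rules(text):
    """Return [(daemon_patterns, client_patterns)] from hosts.allow/deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        clients = clients.split(":", 1)[0]  # drop an optional third field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def matches(patterns, value):
    return any(p == "ALL" or p == value or
               (p.endswith(".") and value.startswith(p)) for p in patterns)

def allowed(daemon, client_ip, allow_text, deny_text):
    """hosts.allow first, then hosts.deny; no match in either grants access."""
    for verdict, text in ((True, allow_text), (False, deny_text)):
        for daemons, clients in parse_rules(text):
            if matches(daemons, daemon) and matches(clients, client_ip):
                return verdict
    return True

# Constructed sample data: the addresses and the hosts.allow contents are
# assumptions (the message snipped the real hosts.allow).
INSIDE, OUTSIDE = "192.168.1.2", "203.0.113.9"
ALLOW_PORTMAP_ONLY = "portmap: 192.168.1.2\n"
ALLOW_NFS = ALLOW_PORTMAP_ONLY + "rpc.mountd: 192.168.1.2\nrpc.nfsd: 192.168.1.2\n"
DENY_POSTED = "portmap: ALL\n"   # the hosts.deny quoted in the message
DENY_DEFAULT = "ALL: ALL\n"      # default-deny form from hosts_access(5)

if __name__ == "__main__":
    for deny in (DENY_POSTED, DENY_DEFAULT):
        for daemon, ip in (("portmap", OUTSIDE), ("in.fingerd", OUTSIDE),
                           ("rpc.mountd", INSIDE)):
            print(deny.strip(), "|", daemon, ip, "->",
                  allowed(daemon, ip, ALLOW_NFS, deny))
```
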