Re: NIS setup problems
On Thu, 26 Sep 2002, nate wrote:
> D. J. Bolderman said:
> > Hi Guys,
> > Now, when I start NIS, I see that ypbind tries to bind to eth0, but I
> > want it to bind to eth1.
> I believe all RPC services bind to 0.0.0.0 (all interfaces), and there
> is no way to change this, from what I've read it would require a ton of
> code to be changed. I have also read that just because a service is
> listening on one interface instead of both, does not mean that service
> is not accessable from the other interface. That is, even if you COULD
> bind NIS to eth1, an attacker could still in theory(maybe in practice
> though it's a bit beyond my knowledge at this point), connect to the
> service through the eth0 interface. Again from what I've read this rule
> does not apply to services bound to the loopback(lo) interface. But you
> still won't be able to bind RPC services(such as NIS) to a specific
> interface without major code changes.
> Things may of changed since but I don't think they have. A good firewall
> is your best bet.
> I believe this situation is shared on other UNIX systems as well, I haven't
> encountered a UNIX system that had a way to do this(though I haven't
> actively looked into it either).
well, after changing my nisdomainname to something else than my normal
domainname, restarting the server, and make some slight changes in the
config files, i got rid of those messages. NIS seems to be running fine
now. Ofcourse, i'm not sure what the problem was, but i will take a look
at the config files again to make sure I know what i'm doing...:)
Thanks for explaining a bit more in-depth details !
--
D.J. Bolderman
list@bolderman.xs4all.nl
Reply to: