Keywords: nisplus nis+ checkpoint fw-1 firewall: How to get NIS+ through FW-1

From: Russell Page (russellpage@hotmail.com)
Date: Mon Jan 31 2005 - 00:26:27 EST


I googled, and searched Sunsolve and the Checkpoint website. However,
everything I found seemed to miss some important stuff. So I'm posting this
so the next poor schmuck who has to set this up will find something on the
net. Here is how to get NIS+ working through Checkpoint Firewall-1 R55 ...

1. On the firewall management server run Checkpoint's "dbedit" command. At
the dbedit prompt, run:

    dbedit> modify properties firewall_properties enable_tcprpc true
    dbedit> quit -update_all

2. In the firewall ruleset, create the following objects:
a. Name: sunrpc_tcp Protocol: TCP Port: 111
b. Name: sunrpc_udp Protocol: UDP Port: 111
c. Name: nisplus_callback_tcp Protocol: > 32767
d. Name: nisplus_callback_udp Protocol: > 32767

3. Add these rules:
Source: nis_client Destination: nis_server Services: nisplus, sunrpc_tcp,
sunrpc_udp
Source: nis_server Destination: nis_client Services: nisplus_callback_tcp,
nisplus_callback_udp

I KNOW that defining nisplus as a service implies sunrpc_udp, but weirdly
after a while, the firewall started dropping the portmapper queries over
UDP.

Colleagues here are suggesting I run snoops, packet captures etc to dig out
more information, but I think I'm up against diminishing returns. I have
already spent two full days on this.

PS Another colleague has just asked me "what about master/slave servers"
AAAAAAAGH!
PPS "... what about Linux, and other non Sun machines?" I think I'll just
go to the pub ...

-- Russell Page.

Undefined: The computer can do whatever it likes. For instance, "The result
of dereferencing a null pointer is undefined." means "do this and the
computer might turn into a hollow chocolate bunny."
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
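
An added example, not part of the original post: a small check that maps what the NIS+ server has registered with the portmapper onto the service objects named in steps 2 and 3, so you can see which registrations the rules cover. The `rpcinfo -p` sample is constructed, and the RPC program number 100300 for rpc.nisd, and the idea that the firewall's `nisplus` object matches on that program number, are assumptions.

```python
import re

# Service objects from the post: fixed portmapper port and the callback range.
PORTMAPPER_PORT = 111
CALLBACK_MIN = 32768        # the post's "> 32767"
NISPLUS_PROG = 100300       # assumption: rpc.nisd's program number in /etc/rpc

# Constructed sample of `rpcinfo -p nis_server` output (not from the post).
SAMPLE = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100300    3   udp  32772  nisd
    100300    3   tcp  32771  nisd
    100003    3   udp   2049  nfs
"""

ROW = re.compile(r"\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$")

def parse_rpcinfo(text):
    """Yield (program, proto, port, name) for each data row; the header is skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            prog, _vers, proto, port, name = m.groups()
            yield int(prog), proto, int(port), name or "-"

def classify(text):
    """Map each registration to the object in the client -> server rule that matches it."""
    rows = []
    for prog, proto, port, name in parse_rpcinfo(text):
        if port == PORTMAPPER_PORT:
            obj = "sunrpc_" + proto       # sunrpc_tcp / sunrpc_udp from step 2
        elif prog == NISPLUS_PROG:
            obj = "nisplus"               # dynamic port, matched by RPC program (assumed)
        else:
            obj = None                    # not opened by the rules in step 3
        rows.append((name, proto, port, obj))
    return rows

def callback_allowed(proto, port):
    """Would the server -> client callback objects match this destination port?"""
    return proto in ("tcp", "udp") and port >= CALLBACK_MIN

if __name__ == "__main__":
    for name, proto, port, obj in classify(SAMPLE):
        print(f"{name:8} {proto} {port:5} -> {obj or 'no matching object'}")
```

Note that `callback_allowed` is true for every destination port above 32767, which is the full extent of what the server-to-client rule in step 3 opens.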



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:05 EDT