On our slave NIS server, in /etc/sysconfig/network, I've set
YPSERV_ARGS="-p 944"
YPXFRD_ARGS="-p 945"
and OTHER_YPBIND_OPTS="-p 3000" in /etc/ypbind.conf
and YPPASSWDD_ARGS="--port 946" in /etc/sysconfig/yppasswdd.
But on the master server, when running make -C /var/yp with debug logging enabled on firewalld, the destination port (DPT) always changes. It's always UDP.
kernel: FINAL_REJECT: IN=eno3 OUT= MAC=00:0a:f7:e1:f8:6c:00:0a:f7:e1:d3:71:08:00 SRC=nis-slave DST=nis-master LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=59404 DF PROTO=UDP SPT=1003 DPT=676 LEN=56
Also, in the new /etc/nfs.conf we have:
[lockd]
port=4002
udp-port=4002
[mountd]
port=4003
[nfsd]
port=2049
port=4001
outgoing-port=4004
And the logs in the slave server show: ypxfr_callback call: RPC: Unable to receive; errno = No route to host
Stopping firewalld and all is well. So what service is using UDP?
Best Answer
The ancient YP/NIS stuff is not at all firewall friendly. It literally predates the wide use of host firewalls. As you've noticed, it expects to be able to communicate on arbitrary ports. Most protocols from the last 20 years or so no longer do this, and run on predictable (or at least configurable) ports.
As a workaround, if you only have one IP address, though, you can just add it to the "trusted" zone in firewalld, and all traffic from that IP address will be allowed. (Sources can also be given by CIDR range or MAC address.)
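The question's FINAL_REJECT line and the answer's "trusted" zone workaround both come down to the same triage step: read the firewalld reject log, see which destination ports the NIS/NFS peer is actually hitting, and check them against the ports pinned in the sysconfig files and /etc/nfs.conf. The script below is an added example, not code from the question, the answer, or any distribution; it parses firewalld's kernel-style KEY=VALUE reject records, separates flows to pinned ports from flows to ephemeral ports (the ones the answer says YP/NIS picks at will), and prints the firewall-cmd invocations for the trusted-zone workaround. The FIXED_PORTS set is taken from the question's configuration plus rpcbind's well-known port 111; the sample log lines other than the first are constructed.

```python
"""Triage firewalld FINAL_REJECT log lines for NIS/NFS traffic.

Added example: shows which rejected destination ports were pinned in the
configuration and which were not, then emits the firewalld 'trusted' zone
commands described in the answer. Not part of the original post.
"""
import re
from collections import Counter

# Ports pinned by YPSERV_ARGS, YPXFRD_ARGS, YPPASSWDD_ARGS, OTHER_YPBIND_OPTS
# and /etc/nfs.conf in the question, plus rpcbind/portmapper on 111.
FIXED_PORTS = {111, 944, 945, 946, 2049, 3000, 4001, 4002, 4003, 4004}

# A kernel log record is a run of KEY=VALUE tokens; bare flags such as "DF"
# carry no "=" and are skipped. "OUT=" legitimately has an empty value.
_KV = re.compile(r"([A-Z_]+)=(\S*)")


def parse_reject_line(line):
    """Return the KEY=VALUE fields of a firewalld FINAL_REJECT line as a dict,
    with the numeric port/id fields converted to int, or None if the line is
    not a reject record."""
    if "FINAL_REJECT:" not in line:
        return None
    # Only the part after the prefix holds the packet fields.
    fields = dict(_KV.findall(line.split("FINAL_REJECT:", 1)[1]))
    for key in ("SPT", "DPT", "ID", "TTL"):
        if key in fields and fields[key].isdigit():
            fields[key] = int(fields[key])
    return fields


def summarize(lines):
    """Count rejected flows keyed by (proto, src, dst, dpt) and split them
    into flows to pinned ports and flows to ports nothing configured."""
    flows = Counter()
    for line in lines:
        f = parse_reject_line(line)
        if f is None or "DPT" not in f:
            continue
        flows[(f.get("PROTO"), f.get("SRC"), f.get("DST"), f["DPT"])] += 1
    pinned = {k: n for k, n in flows.items() if k[3] in FIXED_PORTS}
    unpinned = {k: n for k, n in flows.items() if k[3] not in FIXED_PORTS}
    return pinned, unpinned


def trusted_zone_commands(source):
    """firewall-cmd invocations for the answer's workaround: place the peer's
    address or CIDR range in the 'trusted' zone so every port it uses is
    accepted. The commands are returned, not executed."""
    return [
        f"firewall-cmd --permanent --zone=trusted --add-source={source}",
        "firewall-cmd --reload",
        "firewall-cmd --zone=trusted --list-sources",
    ]


# Constructed sample: the first line is the one from the question, the rest
# are made-up siblings (one to a pinned port, one to another ephemeral port,
# one unrelated line).
SAMPLE_LOG = [
    "kernel: FINAL_REJECT: IN=eno3 OUT= MAC=00:0a:f7:e1:f8:6c:00:0a:f7:e1:d3:71:08:00 "
    "SRC=nis-slave DST=nis-master LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=59404 DF "
    "PROTO=UDP SPT=1003 DPT=676 LEN=56",
    "kernel: FINAL_REJECT: IN=eno3 OUT= MAC=... SRC=nis-slave DST=nis-master LEN=76 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=59405 DF PROTO=UDP SPT=1003 DPT=945 LEN=56",
    "kernel: FINAL_REJECT: IN=eno3 OUT= MAC=... SRC=nis-slave DST=nis-master LEN=76 "
    "TOS=0x00 PREC=0x00 TTL=64 ID=59406 DF PROTO=UDP SPT=1004 DPT=701 LEN=56",
    "kernel: something else entirely",
]

if __name__ == "__main__":
    pinned, unpinned = summarize(SAMPLE_LOG)
    print("rejected flows to pinned ports:")
    for (proto, src, dst, dpt), n in sorted(pinned.items()):
        print(f"  {proto} {src} -> {dst}:{dpt}  x{n}")
    print("rejected flows to ports nothing configured (ephemeral RPC ports):")
    for (proto, src, dst, dpt), n in sorted(unpinned.items()):
        print(f"  {proto} {src} -> {dst}:{dpt}  x{n}")
    if unpinned:
        peer = next(iter(unpinned))[1]
        print(f"workaround from the answer, trusting peer {peer}:")
        for cmd in trusted_zone_commands(peer):
            print("  " + cmd)
```

Run it against the real journal with something like `journalctl -k | grep FINAL_REJECT` fed into `summarize`; a non-empty "unpinned" bucket is the signature of the ephemeral-port behaviour the answer describes, and the source address it reports is the one to put in the trusted zone. Trusting a source accepts everything from that address, so scope it to the single NIS peer (a /32) rather than a wider range.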