I encounter strange behavior of a Solaris-based NIS server. When it responds to a query it may use an unexpected UDP port, which then gets filtered out by the firewall we use.
First, a successful NIS query with a known name:
15:43:33.248796 IP 192.168.162.162.53436 > 10.64.220.11.952: UDP, length 80
15:43:33.249886 IP 10.64.220.11.952 > 192.168.162.162.53436: UDP, length 96
15:43:35.439197 IP 192.168.162.162.58962 > 10.64.220.11.111: UDP, length 56
15:43:35.440121 IP 10.64.220.11.111 > 192.168.162.162.58962: UDP, length 28
Second, an NIS query with an unknown name:
15:43:35.444592 IP 192.168.162.162.48698 > 10.64.220.11.952: UDP, length 96
15:43:35.470312 IP 10.64.220.11.60207 > 192.168.162.162.48698: UDP, length 32 <<<< blocked by the firewall because an unknown port (60207) was used for the reply
Is this valid behavior or some sort of known issue? It looks problematic to tune the firewall accordingly without opening it up too much.
Currently it relies on the ESTABLISHED connection state, which assumes known src/dst IPs and ports.
The Solaris version being used is pretty old:
Solaris 9 s9_58shwpl3 SPARC
Copyright 2002 Sun Microsystems, Inc. All Rights Reserved.
Use is subject to license terms.
Assembled 15 April 2002
Any suggestions are welcome,
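As an added illustration of the symptom in the post (this is not code from the poster or from Solaris), the following script replays the quoted tcpdump lines through a check that models what a stateful firewall's ESTABLISHED/conntrack matching does for UDP: the client's outbound packet defines a 4-tuple, and a server packet only matches that entry if its source address and port exactly mirror the request's destination. A reply sent from a different source port, as in the third exchange above, is reported. The capture text is retyped from the post, the client address 192.168.162.162 is passed in by the caller, and the tcpdump line format assumed is the one shown (`HH:MM:SS.ffffff IP a.b.c.d.port > e.f.g.h.port: UDP, length N`); all of these are assumptions of the example.

```python
import re

# Constructed sample input: the tcpdump lines quoted in the post, retyped here.
SAMPLE_CAPTURE = """\
15:43:33.248796 IP 192.168.162.162.53436 > 10.64.220.11.952: UDP, length 80
15:43:33.249886 IP 10.64.220.11.952 > 192.168.162.162.53436: UDP, length 96
15:43:35.439197 IP 192.168.162.162.58962 > 10.64.220.11.111: UDP, length 56
15:43:35.440121 IP 10.64.220.11.111 > 192.168.162.162.58962: UDP, length 28
15:43:35.444592 IP 192.168.162.162.48698 > 10.64.220.11.952: UDP, length 96
15:43:35.470312 IP 10.64.220.11.60207 > 192.168.162.162.48698: UDP, length 32
"""

# Assumed tcpdump UDP line layout (matches the lines in the post).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)


def parse_line(line):
    """Parse one tcpdump UDP summary line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "sip": m["sip"], "sport": int(m["sport"]),
        "dip": m["dip"], "dport": int(m["dport"]),
        "len": int(m["len"]),
    }


def find_asymmetric_replies(capture_text, client_ip):
    """Return (request, reply) pairs where the reply's source port differs from
    the port the request was sent to.

    Models a stateful firewall's UDP tracking: each client-originated packet
    creates a pseudo-connection keyed by the client port and server address.
    A server packet to that client port is looked up against it; if the server's
    source port is not the request's destination port, a conntrack-style
    ESTABLISHED match would fail and the packet would be dropped.
    """
    pending = {}   # (client_port, server_ip) -> request packet
    flagged = []
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["sip"] == client_ip:
            # Outbound request: remember where it was sent.
            pending[(pkt["sport"], pkt["dip"])] = pkt
        elif pkt["dip"] == client_ip:
            req = pending.get((pkt["dport"], pkt["sip"]))
            if req is None:
                continue   # server packet with no matching request; ignore
            if pkt["sport"] != req["dport"]:
                flagged.append((req, pkt))
    return flagged


def describe(pairs):
    """Human-readable one-line summary per flagged exchange."""
    return [
        f"{rep['ts']}: request went to {req['dip']}:{req['dport']}, "
        f"reply came from {rep['sip']}:{rep['sport']} -> would not match ESTABLISHED"
        for req, rep in pairs
    ]


if __name__ == "__main__":
    for msg in describe(find_asymmetric_replies(SAMPLE_CAPTURE, "192.168.162.162")):
        print(msg)
```

Running it against the quoted capture reports only the third exchange (request to port 952, reply from port 60207), which is exactly the packet the post says the firewall dropped; the first two exchanges mirror their ports and pass. Pointing the same check at a longer capture shows whether the port change happens only on lookups of unknown names or more widely, which is the first thing to establish before deciding how to loosen the rule.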