0 Replies Latest reply on Nov 10, 2016 3:31 PM by 88d865b2-9dcc-4cd5-9434-87b27a83a533

    Solaris NIS: UDP ports

    88d865b2-9dcc-4cd5-9434-87b27a83a533

      Hello,

       

      I encounter strange behavior from a Solaris-based NIS server. When it responds to a query, it may use an unexpected UDP port, and the reply gets filtered out by the firewall we use.

       

      First successful NIS query with a known name:

      15:43:33.248796 IP 192.168.162.162.53436 > 10.64.220.11.952: UDP, length 80

      15:43:33.249886 IP 10.64.220.11.952 > 192.168.162.162.53436: UDP, length 96

       

      15:43:35.439197 IP 192.168.162.162.58962 > 10.64.220.11.111: UDP, length 56

      15:43:35.440121 IP 10.64.220.11.111 > 192.168.162.162.58962: UDP, length 28

       

      Second NIS query with an unknown name:

      15:43:35.444592 IP 192.168.162.162.48698 > 10.64.220.11.952: UDP, length 96

      15:43:35.470312 IP 10.64.220.11.60207 > 192.168.162.162.48698: UDP, length 32   <<<< blocked by firewall because an unknown port (60207) was used for the reply

       

      Is this valid behavior or some sort of known issue? It looks problematic to tune the firewall accordingly without opening it too much.

      Now it relies on an ESTABLISHED connection, which assumes known src/dst IPs and ports.

       

      The Solaris being used is pretty old:

      Solaris 9 s9_58shwpl3 SPARC

      Copyright 2002 Sun Microsystems, Inc.  All Rights Reserved.

      Use is subject to license terms.

      Assembled 15 April 2002

       

      Any suggestions are welcome,

      Thanks,

      Pavel
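
The check below is an added example, not part of the original post: it pairs each request in the posted tcpdump lines with its reply and reports replies whose source port differs from the port the client queried, which is what an exact reversed 4-tuple state match drops. The function name `find_mismatched_replies` is hypothetical, and it assumes 192.168.162.162 is the querying client.

```python
import re

# tcpdump lines as posted above (the trailing "<<<<" annotation is dropped).
CAPTURE = """\
15:43:33.248796 IP 192.168.162.162.53436 > 10.64.220.11.952: UDP, length 80
15:43:33.249886 IP 10.64.220.11.952 > 192.168.162.162.53436: UDP, length 96
15:43:35.439197 IP 192.168.162.162.58962 > 10.64.220.11.111: UDP, length 56
15:43:35.440121 IP 10.64.220.11.111 > 192.168.162.162.58962: UDP, length 28
15:43:35.444592 IP 192.168.162.162.48698 > 10.64.220.11.952: UDP, length 96
15:43:35.470312 IP 10.64.220.11.60207 > 192.168.162.162.48698: UDP, length 32
"""

# timestamp, src ip.port, dst ip.port from tcpdump's one-line UDP summary.
LINE = re.compile(
    r"^(\S+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP"
)


def find_mismatched_replies(capture, client_ip):
    """List replies whose source port differs from the port the client queried.

    A stateful filter that matches the exact reversed 4-tuple drops these.
    """
    pending = {}  # (client port, server ip) -> server port that was queried
    findings = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, src, sport, dst, dport = m.groups()
        sport, dport = int(sport), int(dport)
        if src == client_ip:
            pending[(sport, dst)] = dport
        elif dst == client_ip:
            queried = pending.get((dport, src))
            if queried != sport:  # also covers replies with no request (None)
                findings.append({
                    "time": ts, "server": src, "client_port": dport,
                    "queried_port": queried, "reply_port": sport,
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatched_replies(CAPTURE, "192.168.162.162"):
        print(f)
```

Run over a longer capture, the list shows which server ports actually originate replies, which is the evidence needed before deciding how narrowly a firewall rule can be written.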