Re: how to disallow nis-client to broadcast on certain interfaces
From: Chafik,Basim (basim.chafik_at_PLX.COM)
Date: 09/24/04
- Previous message: Gipson, Mat: "Re: update_flash: Command not supported"
- Maybe in reply to: Holger.VanKoll_at_SWISSCOM.COM: "how to disallow nis-client to broadcast on certain interfaces"
- Next in thread: Holger.VanKoll_at_SWISSCOM.COM: "Re: how to disallow nis-client to broadcast on certain interfaces"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 24 Sep 2004 10:31:28 -0400 To: aix-l@Princeton.EDU
Holger,
Did you look at implementing NIS securnets by using the file
/var/yp/securnets, for example:
# /var/yp/securenets file
#
# The format of this file is one of more lines of
#
# netmask netaddr
# Both netmask and netaddr must be dotted quads.
#
# Note that for a machine with two Ethernet interfaces (i.e. a gateway
# machine), the IP addresses of both have to be in /var/yp/securenets.
#
# for example:
#255.255.255.0 10.50.242.00
Uncommenting the last line would limit access to hosts on the 10.50.242/24
network, only. You would need to refresh ypserv daemon to take effect.
Basim Chafik
Senior Systems Analyst
IBM Certified Advanced Technical Expert (CATE)
1.800.688.4895
basim.chafik@plx.com
plexus (Division of BancTec)
-----Original Message-----
From: Holger.VanKoll@SWISSCOM.COM [mailto:Holger.VanKoll@SWISSCOM.COM]
Sent: Friday, September 24, 2004 9:52 AM
To: aix-l@Princeton.EDU
Subject: Re: how to disallow nis-client to broadcast on certain interfaces
Hello,
there are different ethernets and different ip-subnets
en1:
flags=7e080863,10<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,
64BIT,CHECKSUM_OFFLOAD,CHECKSUM_SUPPORT,PSEG>
inet 10.50.242.80 netmask 0xffffff00 broadcast 10.50.242.255
inet 10.50.242.85 netmask 0xffffff00 broadcast 10.50.242.255
en2:
flags=7e080863,10<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,
64BIT,CHECKSUM_OFFLOAD,CHECKSUM_SUPPORT,PSEG>
inet 192.168.31.26 netmask 0xffffff00 broadcast 192.168.31.255
en3:
flags=7e080863,10<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,
64BIT,CHECKSUM_OFFLOAD,CHECKSUM_SUPPORT,PSEG>
inet 10.254.18.160 netmask 0xfffff000 broadcast 10.254.31.255
en1 is where nis should talk to
en2 is ip-heartbeat (hacmp)
en3 is separate backup-network.
nis binds to a host in en3-network and i want to restrict it to en1
10.50.242/24
_____
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Chafik,Basim
Sent: Friday, September 24, 2004 3:17 PM
To: aix-l@Princeton.EDU
Subject: Re: how to disallow nis-client to broadcast on certain interfaces
Holger,
Are the network interfaces on different subnets or networks and it still
doing this ?
Basim Chafik
Senior Systems Analyst
IBM Certified Advanced Technical Expert (CATE)
1.800.688.4895
basim.chafik@plx.com
plexus (Division of BancTec)
-----Original Message-----
From: Holger.VanKoll@SWISSCOM.COM [mailto:Holger.VanKoll@SWISSCOM.COM]
Sent: Friday, September 24, 2004 4:34 AM
To: aix-l@Princeton.EDU
Subject: how to disallow nis-client to broadcast on certain interfaces
Hello,
to me it looks like that a nis-client broadcasts on all available interfaces
for a nis-server.
I want to disallow ypbind to broadcast on en2 (f.e.)
Does anybody know how to do this?
Regards,
Holger
- Previous message: Gipson, Mat: "Re: update_flash: Command not supported"
- Maybe in reply to: Holger.VanKoll_at_SWISSCOM.COM: "how to disallow nis-client to broadcast on certain interfaces"
- Next in thread: Holger.VanKoll_at_SWISSCOM.COM: "Re: how to disallow nis-client to broadcast on certain interfaces"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
