From: "David Robillard"
To: "FreeBSD Questions Mailing List"
Cc: Steve Kargl
Subject: Re: Setting up NIS questions?
Date: Tue, 23 May 2006 10:17:29 -0400

> I have 2 NICS in the master node of a small cluster.
> bge0 is connected to the outside world with a FQDN
> and registered DNS IP address. bge1 is connected to
> a 192.168.0.x internal network. I'm trying to configure
> NIS for the internal network, but ypinit is grabbing the
> FQDN. I've read the Handbook and ypinit manual page
> without too much enlightenment. :(
>
> What I'm after is
>
> 192.168.0.10       NIS master server
> 192.168.0.11       NIS slave server
> 192.168.0.[12-15]  NIS clients
>
> Anyone have a pointer to a method to achieve my goals.

I would _strongly_ suggest that you run your firewall from another
machine instead of using your NIS master for this. This really is
Security 101 :) Check out OpenBSD with pf for this purpose or use a
Cisco PIX (you can find several on eBay).

But if you don't want to/can't do this, why don't you set up a jail for
your NIS master? You can bind the jail to the RFC 1918 IP address
range. Therefore, starting up ypbind inside the jail would only see
the 192.168.0/24 network and bind to it.

See jail(8), jls(8) and jexec(8). You might also want to check
mount_nullfs(8) to help you with the jail's ports tree.

If you need help with the jail setup, feel free to email me off the list.

David
-- 
David Robillard
UNIX systems administrator
CISSP
Sun Certified Security Administrator
Sun Certified Systems Administrator
Montreal: +1 514 966 0122
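
The jail binding suggested in the message above, sketched as an added example that is not part of the original message: a jail.conf(5) fragment in the syntax of current FreeBSD releases. Only bge1 and 192.168.0.10 come from the thread; the jail name, root path, hostname and the read-only ports mount are assumptions.

```conf
# /etc/jail.conf -- added example, not from the original message.
# From the thread: bge1 is the internal NIC, 192.168.0.10 the NIS master.
# Assumed: jail name "nis", jail root /usr/jails/nis, the hostname below.

nis {
    path          = "/usr/jails/nis";              # assumed jail root
    host.hostname = "nismaster.cluster.example";   # assumed hostname

    # The jail's only address. It must already be configured on bge1.
    # Processes inside the jail can bind to and see this address only,
    # never the public address on bge0.
    ip4.addr      = "192.168.0.10";

    # Read-only nullfs view of the host's ports tree (mount_nullfs(8)),
    # written as a single fstab(5) line.
    mount         = "/usr/ports /usr/jails/nis/usr/ports nullfs ro 0 0";
    mount.devfs;

    exec.start    = "/bin/sh /etc/rc";
    exec.stop     = "/bin/sh /etc/rc.shutdown";
}

# Checks to run from the host once the jail is up:
#   jls                        # the jail is listed with 192.168.0.10
#   jexec nis ifconfig bge1    # only the jail's own address is shown
#   jexec nis sockstat -4 -l   # listeners are bound to 192.168.0.10 only
```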