Taken from:
http://www.ccm.ece.vt.edu/~lscharf/samd/?topic=Linux&title=YP%2FNIS%2C+NFS%2C+RPC%2C+and+lokkit
YP/NIS, NFS, RPC, and lokkit
Keywords:
Date Created: 2002-04-05
Author: Luke Scharf luke@vt.edu
Platform:
* RedHat 7.x
Problem:
* ypbind can find the ypserver, but "ypcat passwd" times out with an RPC error. "rpcinfo -p" returns a correct-looking list of portmapped services.
* NFS won't mount an exported directory; RPC times out.
Solution:
You can disable RedHat's built-in firewall by running /usr/sbin/lokkit.
You can get some measure of security back by using /etc/hosts.allow and /etc/hosts.deny.
Explanation:
The RedHat firewall configurator (/usr/sbin/lokkit) sets up iptables so that UDP traffic is only accepted on specific ports and from specific locations (like your DNS servers). The portmapper uses semi-arbitrary ports (that's why the ports have to be mapped), so it's a lot more work to set up machine-by-machine security.
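
Added example (not part of the original note): a sketch of the extra work the explanation refers to, turning "rpcinfo -p" output into one accept rule per mapped port instead of switching the firewall off. The trusted subnet 192.0.2.0/24, the INPUT chain, the function names and the sample port numbers are assumptions made for illustration; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output; the port numbers are illustrative
# and would differ on a real host.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    761  ypserv
    100004    1   udp    761  ypserv
    100007    2   udp    803  ypbind
    100003    3   udp   2049  nfs
    100005    1   udp   1011  mountd
    100005    1   tcp   1014  mountd
EOF
}

# rpc_rules TRUSTED_NET
# Reads `rpcinfo -p` output on stdin and prints one iptables rule per unique
# proto/port pair, accepting that port only from TRUSTED_NET.
rpc_rules() {
    awk -v net="$1" '
        $3 != "tcp" && $3 != "udp" { next }   # header and malformed lines
        $4 !~ /^[0-9]+$/           { next }   # port must be numeric
        seen[$3 "/" $4]++          { next }   # several versions share one port
        {
            name = $5
            if (name == "") name = "program " $1
            # -I puts the rule ahead of the existing drop/reject rules.
            printf "iptables -I INPUT -p %s -s %s --dport %s -j ACCEPT  # %s\n",
                   $3, net, $4, name
        }'
}

# Demonstration on the constructed sample. On a live server the input would be
# `rpcinfo -p` itself: rpcinfo -p | rpc_rules 192.0.2.0/24
sample_rpcinfo | rpc_rules 192.0.2.0/24
```

Services that take whatever port the portmapper hands out (ypserv, ypbind and mountd in the sample) can come up on a different port after a restart, so rules generated this way have to be regenerated each time.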