Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from mail-ot0-f173.google.com ([74.125.82.173]:40739 "EHLO
        mail-ot0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751032AbeA2Go0 (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Mon, 29 Jan 2018 01:44:26 -0500
Received: by mail-ot0-f173.google.com with SMTP id x4so5575519otg.7
        for <linux-nfs@vger.kernel.org>; Sun, 28 Jan 2018 22:44:25 -0800 (PST)
MIME-Version: 1.0
In-Reply-To: <CANpxKHE=eKuFc2HBgT0aqDb+Q5EOFWOfCzf=tmmuH7zNyn878g@mail.gmail.com>
References: <CANpxKHE=eKuFc2HBgT0aqDb+Q5EOFWOfCzf=tmmuH7zNyn878g@mail.gmail.com>
From: Naruto Nguyen <narutonguyen2018@gmail.com>
Date: Mon, 29 Jan 2018 13:44:25 +0700
Message-ID: <CANpxKHH3zf_RRnxckHKfvEWL-RNCr_ZePxc0r98Ep0X_JX1BbA@mail.gmail.com>
Subject: Re: Question about random UDP port on rpcbind 0.2.3
To: linux-nfs@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-nfs-owner@vger.kernel.org
List-ID: <linux-nfs.vger.kernel.org>

Hello,

Just would like to add for more information, when I start rpcbind
normally, not via systemd, the random UDP is still opened

Could you please share any ideas on this?

Brs,
Bao

On 27 January 2018 at 19:50, Naruto Nguyen <narutonguyen2018@gmail.com> wrote:
> I would like to ask you a question regarding the new random UDP port
> in rpcbind 0.2.3.
>
> In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through
> rpcbind.service, then I do netstat
>
> udp        0      0 0.0.0.0:111             0.0.0.0:*
>          10408/rpcbind
> udp        0      0 0.0.0.0:831             0.0.0.0:*
>          10408/rpcbind
> udp6       0      0 :::111                  :::*
>          10408/rpcbind
> udp6       0      0 :::831                  :::*
>          10408/rpcbind
>
> The rpcbind does not only listen on port 111 but also on a random udp
> port "831" in this case, this port is changed every time the rpcbind
> service retstarts. And it listens on 0.0.0.0 so it opens a hole on
> security. Could you please let me know what this port is for and is
> there any way to avoid that like force it listen on a internal
> interface rather than on any interfaces like that? I do not see the
> random port on rpcbind 0.2.1, not sure why? As the rpcbind is started
> from systemd so "-h" option is invalid as the man page says:
>
>
>    -h      Specify specific IP addresses to bind to for UDP requests.
> This option may be specified multiple times and can be used to
> restrict the interfaces rpcbind will respond to.  Note that when
> rpcbind is controlled via sys-
>              temd's socket activation, the -h option is ignored. In
> this case, you need to edit the ListenStream and ListenDgram
> definitions in /usr/lib/systemd/system/rpcbind.socket instead.
>
> Thanks a lot,
> Brs,
> Naruto