Subject: Re: Question about random UDP port on rpcbind 0.2.3
To: Naruto Nguyen, linux-nfs@vger.kernel.org
From: Steve Dickson
Message-ID: <47c040cf-d0a8-eb42-a276-9bc2e264ff6e@RedHat.com>
Date: Wed, 31 Jan 2018 14:31:53 -0500

On 01/29/2018 01:44 AM, Naruto Nguyen wrote:
> Hello,
>
> Just would like to add for more information, when I start rpcbind
> normally, not via systemd, the random UDP is still opened
>
> Could you please share any ideas on this?
The bound UDP socket is used for remote calls...
Where rpcbind is asked to make a remote RPC for
another caller... Antiquated? yes.. but harmless.

steved.
>
> Brs,
> Bao
>
> On 27 January 2018 at 19:50, Naruto Nguyen wrote:
>> I would like to ask you a question regarding the new random UDP port
>> in rpcbind 0.2.3.
>>
>> In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through
>> rpcbind.service, then I do netstat
>>
>> udp        0      0 0.0.0.0:111     0.0.0.0:*     10408/rpcbind
>> udp        0      0 0.0.0.0:831     0.0.0.0:*     10408/rpcbind
>> udp6       0      0 :::111          :::*          10408/rpcbind
>> udp6       0      0 :::831          :::*          10408/rpcbind
>>
>> The rpcbind does not only listen on port 111 but also on a random udp
>> port "831" in this case, this port is changed every time the rpcbind
>> service restarts. And it listens on 0.0.0.0 so it opens a hole on
>> security. Could you please let me know what this port is for and is
>> there any way to avoid that like force it listen on an internal
>> interface rather than on any interfaces like that? I do not see the
>> random port on rpcbind 0.2.1, not sure why? As the rpcbind is started
>> from systemd so "-h" option is invalid as the man page says:
>>
>>
>> -h      Specify specific IP addresses to bind to for UDP requests.
>>         This option may be specified multiple times and can be used to
>>         restrict the interfaces rpcbind will respond to.  Note that when
>>         rpcbind is controlled via systemd's socket activation, the -h
>>         option is ignored.  In this case, you need to edit the
>>         ListenStream and ListenDgram definitions in
>>         /usr/lib/systemd/system/rpcbind.socket instead.
>>
>> Thanks a lot,
>> Brs,
>> Naruto
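
Added example, not part of the original thread or of rpcbind: a small audit that parses a netstat listing like the one quoted above and reports UDP sockets owned by rpcbind that are bound to all interfaces on a port other than 111. The function names are hypothetical, and the sample input is constructed from the values in the thread plus one constructed unrelated line.

```python
# Added example: audit netstat output for rpcbind UDP sockets.
# Function names are hypothetical; SAMPLE is constructed from the
# listing quoted in the thread plus one constructed unrelated line.

SAMPLE = """\
udp        0      0 0.0.0.0:111     0.0.0.0:*     10408/rpcbind
udp        0      0 0.0.0.0:831     0.0.0.0:*     10408/rpcbind
udp6       0      0 :::111          :::*          10408/rpcbind
udp6       0      0 :::831          :::*          10408/rpcbind
udp        0      0 127.0.0.1:323   0.0.0.0:*     612/chronyd
"""

PORTMAP_PORT = 111                   # well-known rpcbind port
WILDCARDS = {"0.0.0.0", "::", "*"}   # "listen on every interface"


def rpcbind_udp_sockets(netstat_text, program="rpcbind"):
    """Return (proto, host, port) for each UDP socket owned by program."""
    sockets = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("udp"):
            continue
        _pid, slash, name = fields[-1].partition("/")
        if not slash or name != program:
            continue
        # Split on the last colon so IPv6 forms such as ":::831" parse.
        host, _, port = fields[3].rpartition(":")
        if port.isdigit():
            sockets.append((fields[0], host, int(port)))
    return sockets


def extra_wildcard_ports(netstat_text):
    """Sockets beyond port 111 that are bound to all interfaces."""
    return sorted(
        (proto, port)
        for proto, host, port in rpcbind_udp_sockets(netstat_text)
        if host in WILDCARDS and port != PORTMAP_PORT
    )


if __name__ == "__main__":
    for proto, port in extra_wildcard_ports(SAMPLE):
        print(f"{proto}: extra rpcbind UDP port {port} on all interfaces")
```

Because the extra port changes on every restart, matching on the owning program rather than a fixed port number keeps the check stable across restarts.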