On all of my machines, rpc.statd picks a (seemingly) random port < 1023,
but one machine is acting differently: It will bind to one random port <
1023, then it will bind to both TCP and UDP on a high port, usually in the
32xxx range.
Is that normal (or potentially normal) behavior, or should I be giving
heed to the red lights and sirens that are going off in my head? If it is
potentially normal, how would I go about making it use only low,
priveliged ports, which are a lot easier to block at the firewall?
steve
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Use the -o and -p options to rpc.statd for outgoing requests and listening,
respectively. See the manpage for statd.
---
Bruce Allan <[email protected]>
Software Engineer, Linux Technology Center
IBM Corporation, Beaverton OR
503-578-4187 IBM Tie-line 775-4187
"Steve Wolfe"
<[email protected]> To: <[email protected]>
Sent by: cc:
[email protected] Subject: [NFS] rpc.statd and port usage...
ceforge.net
03/22/2002 11:13 AM
On all of my machines, rpc.statd picks a (seemingly) random port < 1023,
but one machine is acting differently: It will bind to one random port <
1023, then it will bind to both TCP and UDP on a high port, usually in the
32xxx range.
Is that normal (or potentially normal) behavior, or should I be giving
heed to the red lights and sirens that are going off in my head? If it is
potentially normal, how would I go about making it use only low,
priveliged ports, which are a lot easier to block at the firewall?
steve
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
> Use the -o and -p options to rpc.statd for outgoing requests and
listening,
> respectively. See the manpage for statd.
Well, it turned out that the original RedHat files were still in /sbin,
which came before /usr/sbin in the path, so I had to move those out of the
way to get the new nfs-utils to load, now the -p works like a charm.
I can't find any way to get the lock manager to bind to a low port,
however.... are there no options for that one? Despite the "all:all" in
/etc/hosts.deny, I always feel safer if outside traffic can't get to the
program in the first place....
steve
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs