[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup

On Sun, 21 Aug 2011, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> On Sat, 20 Aug 2011, Andreas Barth wrote:
> > * Henrique de Moraes Holschuh (hmh@debian.org) [110820 14:39]:
> > > Yes.  And we can easily maintain a current one for Debian-packaged
> > > software, although the initial build of such a blacklist will take
> > > some work.
> > 
> > Actually, the existing interface net.ipv4.ip_local_port_range seems to
> > work quite well. And there are so many ports that for most servers it

# cat /proc/sys/net/ipv4/ip_local_port_range 
32768   61000

The above is from one of my systems.  This isn't used for RPC, presumably 
because they want the special <1024 port numbers that imply root ownership.

> No, it doesn't.  And we have at least one extremely important protocol that
> needs as many ports as we can give it (DNS).

Aug 21 11:42:48 ns named[2382]: using default UDP/IPv4 port range: [1024, 
Aug 21 11:42:48 ns named[2382]: using default UDP/IPv6 port range: [1024, 

BIND seems to use ports >1024 as well, again this is different from the 
typical RPC issues but does have the potential to cause problems (there are 
more than a few UDP ports >1024 in /etc/services).  Maybe BIND should be 
patched to use the same port reservation procedure as RPC.
> A blacklist is the way to go, and we already have it.  We just need to fill
> it, make it easier to extend (.d directory), tell people about it, and
> teach stuff other than SunRPC to use it when necessary.


My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

Reply to: