
Re: Bug#638322: nfs-common: rpc.statd binds to udp port 631 preventing cups startup



On Sun, 21 Aug 2011, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> On Sat, 20 Aug 2011, Andreas Barth wrote:
> > * Henrique de Moraes Holschuh (hmh@debian.org) [110820 14:39]:
> > > Yes.  And we can easily maintain a current one for Debian-packaged
> > > software, although the initial build of such a blacklist will take
> > > some work.
> > 
> > Actually, the existing interface net.ipv4.ip_local_port_range seems to
> > work quite well. And there are so many ports that for most servers it

# cat /proc/sys/net/ipv4/ip_local_port_range 
32768   61000

The above is from one of my systems.  This isn't used for RPC, presumably 
because they want the special <1024 port numbers that imply root ownership.

> No, it doesn't.  And we have at least one extremely important protocol that
> needs as many ports as we can give it (DNS).

Aug 21 11:42:48 ns named[2382]: using default UDP/IPv4 port range: [1024, 65535]
Aug 21 11:42:48 ns named[2382]: using default UDP/IPv6 port range: [1024, 65535]

BIND seems to use ports >1024 as well, again this is different from the 
typical RPC issues but does have the potential to cause problems (there are 
more than a few UDP ports >1024 in /etc/services).  Maybe BIND should be 
patched to use the same port reservation procedure as RPC.
 
> A blacklist is the way to go, and we already have it.  We just need to fill
> it, make it easier to extend (.d directory), tell people about it, and
> teach stuff other than SunRPC to use it when necessary.

Yes.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
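
Added example, not part of the original message: a Python check that lists registered service ports a dynamic allocator could occupy, for the privileged range used for RPC, the ip_local_port_range value and the BIND default range quoted above, with and without a blacklist. The services and blacklist samples are constructed, and the one-port-per-line blacklist format and the 600-1023 privileged range are assumptions.

```python
import re

# Constructed sample in /etc/services format (not copied from a real host).
SERVICES = """\
ipp      631/tcp
ipp      631/udp     # Internet Printing Protocol
rsync    873/tcp
imaps    993/tcp
openvpn  1194/udp
nfs      2049/udp
mdns     5353/udp
fido     60179/udp
"""
# Constructed blacklist; one port per line with '#' comments is an assumed format.
BLACKLIST = "# ports to skip\n631\n993\n"
LOCAL_RANGE = "32768\t61000\n"   # ip_local_port_range value quoted in the message
BIND_RANGE = (1024, 65535)       # range from the named log lines in the message
RESV_RANGE = (600, 1023)         # assumption: privileged range scanned for RPC sockets

def parse_services(text, proto):
    """Map port -> first service name registered for the given protocol."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^\s#]+)\s+(\d+)/(\w+)", line.split("#", 1)[0])
        if m and m.group(3) == proto:
            ports.setdefault(int(m.group(2)), m.group(1))
    return ports

def parse_blacklist(text):
    """Return the set of ports listed, ignoring comments and blank lines."""
    tokens = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {int(t) for t in tokens if t.isdigit()}

def parse_range(text):
    """Parse the two whitespace-separated integers of ip_local_port_range."""
    lo, hi = (int(x) for x in text.split())
    return lo, hi

def at_risk(services, port_range, excluded=frozenset()):
    """Registered ports a dynamic allocator could take: in range and not excluded."""
    lo, hi = port_range
    return {p: n for p, n in sorted(services.items())
            if lo <= p <= hi and p not in excluded}

if __name__ == "__main__":
    udp, skip = parse_services(SERVICES, "udp"), parse_blacklist(BLACKLIST)
    print("reserved range, no blacklist:", at_risk(udp, RESV_RANGE))
    print("reserved range, blacklist:   ", at_risk(udp, RESV_RANGE, skip))
    print("ephemeral range:             ", at_risk(udp, parse_range(LOCAL_RANGE)))
    print("BIND default range:          ", at_risk(udp, BIND_RANGE))
```

On a real host the same functions can be fed the contents of /etc/services and /proc/sys/net/ipv4/ip_local_port_range in place of the constructed strings.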

