Re: Port 111

To: debian-firewall@lists.debian.org
Subject: Re: Port 111
From: Daniel Pittman <daniel@rimspace.net>
Date: Sun, 31 Oct 2004 17:24:30 +1100
Message-id: <[🔎] 873bzv2yn5.fsf@enki.rimspace.net>
References: <[🔎] 4182CA68.DE2A6972@pirdop.digsys.bg> <[🔎] 87u0sd64u4.fsf@enki.rimspace.net> <8e1ee2a30410292019512a89fa@mail.gmail.com> <[🔎] 87vfcs4pve.fsf@enki.rimspace.net> <[🔎] 65349.68.125.78.217.1099199752.squirrel@68.125.78.217>

On 31 Oct 2004, JM wrote:

As an administrative note, your message shows up in the same thread as a
previous but unrelated topic.  Please don't reply to a message, then
delete the entire content and start up on a new subject.

The things that the 'reply' button sets up, but that are not visible,
really make reading a threaded group much less comfortable.  If you had
done this in a thread that I had not participated in, in fact, there was
a good chance I would never have seen your message at all.

> Recently, I realized that port 111 (portmap) was open. It was previously
> closed according to bastille-firewall.

Do you mean that port 111 was exposed to the Internet, or simply that
something was listening on that port?

> '/etc/init.d/portmap stop' gives Stopping portmap daemon: portmap.  

[...]

> if I turn on portmap:
>
> root@apeiron:/home/joe/download-jose# netstat -lnp | grep 111
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2045/portmap

[...]

> I wonder what is the reason of this behavior.

I presume you mean, "what does portmap do";  if not, please restate your
question.

The RPC mechanism used under Unix for services such as NFS communicate
on a randomly assigned port[1]. In order to locate a service endpoint,
your system needs to talk to the server and find out where that service
runs.

The 'portmap' process is the tool used to do that.  You can query it to
find out where various RPC services are running on your machine.

To actually see what it supports (while it is running), try:

] rpcinfo -p

On my system, this gives:

   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    940  status
    100024    1   tcp    943  status
    100021    1   udp  33356  nlockmgr
    100021    3   udp  33356  nlockmgr
    100021    4   udp  33356  nlockmgr
    100021    1   tcp  46052  nlockmgr
    100021    3   tcp  46052  nlockmgr
    100021    4   tcp  46052  nlockmgr

That is, the portmapper process itself, and some NFS related
functionality.

Regards,
        Daniel

Footnotes: 
[1]  By default.

-- 
The past is a foreign country: they do things differently there.
        -- L P Hartley, _The Go-Between_

Reply to:

References:
- NAT
  - From: office <office@pirdop.digsys.bg>
- Re: NAT
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: NAT
  - From: Daniel Pittman <daniel@rimspace.net>
- Port 111
  - From: "JM" <jmm19@humboldt.edu>

Prev by Date: Port 111
Next by Date: enable rp_filter
Previous by thread: Port 111
Next by thread: Abwesenheitsnotiz: notice!
Index(es):
- Date
- Thread