
Re: RPC services - bind to 1 ip?



This might help get you started or give you some ideas.

#
# somewhere in the initscripts after portmap and nfs are running ...
# perhaps in /etc/init.d/nfs-kernel-server
#
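IFACE=eth1
# rpcinfo prints one line per NFS version, so stop at the first matching port
NFSPORT=`rpcinfo -p | awk '/udp.*nfs$/ { print $4; exit }'`
# add the rule only if nfs is actually registered with portmap
[ -n "$NFSPORT" ] && ipchains -A input -i $IFACE -p udp --destination-port $NFSPORT -j DENY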

On Fri, Jan 26, 2001 at 11:20:12AM -0800, aphro@portal.aphroland.org wrote:
> 
> hi
> 
> 
> I've been dealing with this for a long time, and was curious if
> anyone knows if it's possible.
> 
> I want to force all RPC services to listen only on 1 interface,
> it is VERY VERY difficult to firewall them as they apparently
> choose random ports every time they load which means i have to
> spend 30 minutes running nmap both TCP and UDP ports 1-65535 and
> verifying what ports are open with lsof and netstat and firewall
> the rpc ones accordingly. this procedure works but it gets 
> old after a while :) so i wanna know if i can force rpc services
> to bind to 1 interface, or force them to use the same ports 
> every time (even if i restart NFS it uses new ports) the rpcs:
> rpc.mountd, rpc.statd are the worst offenders for me.. sunrpc
> is good and happily sits on port 111 ...
> 
> luckily i don't reboot often but sometimes i need to reload
> the /etc/exports file ......maybe i can do this without
> reloading the nfs services..but that still doesn't solve the
> problem as a whole :) i don't think it's possible to run
> rpcs from xinetd ..but if it is i'd like to know how.
> 
> thanks!
> 
> nate
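
Added example, not part of the original messages: the reply's one-liner generalized to every service registered with portmap (mountd and status included, TCP as well as UDP), emitting one ipchains DENY rule per unique protocol/port pair. The function names rpc_deny_rules and sample_rpcinfo are hypothetical, and the rpcinfo output is a constructed sample with made-up port numbers.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into ipchains DENY rules.
# Rules are printed, not executed, so they can be reviewed first.

# rpc_deny_rules IFACE  -- reads `rpcinfo -p` output on stdin
rpc_deny_rules() {
    iface=$1
    awk -v iface="$iface" '
        # data rows: program vers proto port [service]; the header is skipped
        $1 ~ /^[0-9]+$/ && ($3 == "tcp" || $3 == "udp") && $4 ~ /^[0-9]+$/ {
            key = $3 " " $4
            if (seen[key]++) next      # several versions share one port
            svc = ($5 != "") ? $5 : "prog-" $1
            printf "ipchains -A input -i %s -p %s --destination-port %s -j DENY  # %s\n", iface, $3, $4, svc
        }'
}

# Constructed sample of `rpcinfo -p` output (assumed ports, for offline use).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp   1011  mountd
    100005    2   udp   1011  mountd
    100005    1   tcp   1014  mountd
    100024    1   udp    958  status
    100024    1   tcp    960  status
EOF
}

# Live use after portmap and nfs are up:  rpcinfo -p | rpc_deny_rules eth1 | sh
# Offline demo on the constructed sample:
sample_rpcinfo | rpc_deny_rules eth1
```

Because the ports change whenever the services restart, the rules have to be regenerated (and the old ones flushed) after each restart.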


