
Re: RPC services - bind to 1 ip?




A long time ago, in a galaxy far, far away, someone said...

> I've been dealing with this for a long time, and was curious if anyone
> knows if it's possible.
>
> I want to force all RPC services to listen only on 1 interface. It is
> VERY VERY difficult to firewall them as they apparently choose random
> ports every time they load, which means I have to spend 30 minutes
> running nmap on both TCP and UDP ports 1-65535, verifying what ports
> are open with lsof and netstat, and firewalling the RPC ones accordingly.
> This procedure works but it gets old after a while :) so I wanna know
> if I can force RPC services to bind to 1 interface, or force them to
> use the same ports every time (even if I restart NFS it uses new ports).
> The RPCs rpc.mountd and rpc.statd are the worst offenders for me..
> sunrpc is good and happily sits on port 111 ...
>
> Luckily I don't reboot often, but sometimes I need to reload the
> /etc/exports file ...... Maybe I can do this without reloading the NFS
> services.. but that still doesn't solve the problem as a whole :) I
> don't think it's possible to run RPCs from xinetd.. but if it is I'd
> like to know how.

There isn't a way that I know of to force the rpc services to bind
specific IPs.  If you find one I'd like to hear about it :)

What I usually end up doing is setting up a good "default-deny" firewall
to keep things clean.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
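One way to make the "default-deny" approach less tedious than the nmap sweep described in the question, as an added example that is not from either poster: the portmapper already knows which ports rpc.mountd, rpc.statd and friends registered, so `rpcinfo -p` can drive the firewall rules instead of a port scan. The interface name eth1 and the rpcinfo listing below are constructed sample values, and the rules have to be regenerated whenever the RPC daemons restart, since that is when the ports change.

```shell
#!/bin/sh
# Added example: build iptables rules from the port registrations the
# portmapper reports, restricted to one trusted interface, on top of a
# default-deny INPUT policy. Not code from the thread.
# Assumptions (constructed): trusted interface is eth1; sample rpcinfo output.

# Constructed stand-in for the output of: rpcinfo -p
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100005    1   udp   1027  mountd
    100005    1   tcp   1029  mountd
    100003    2   udp   2049  nfs'

# rpc_rules <trusted-interface> <rpcinfo -p output>
# Emits: loopback and established-traffic allows, one ACCEPT per distinct
# proto/port pair registered with the portmapper (trusted interface only),
# then the default-deny policy. Other interfaces never reach the RPC ports.
rpc_rules() {
  iface="$1"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  printf '%s\n' "$2" | awk -v iface="$iface" '
    # skip the header line; dedupe on proto:port (several versions share a port)
    NR > 1 && NF >= 5 && !seen[$3 ":" $4]++ {
      printf "iptables -A INPUT -i %s -p %s --dport %s -j ACCEPT  # %s\n",
             iface, $3, $4, $5
    }
    END { print "iptables -P INPUT DROP" }'
}

# Number of distinct proto/port pairs a listing registers (useful as a
# sanity check against what netstat/lsof show after a restart).
rpc_port_count() {
  rpc_rules lo "$1" | grep -c -- '--dport'
}

# Print the rule set for the sample listing; pipe into sh to apply for real.
rpc_rules eth1 "$SAMPLE_RPCINFO"
```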