NFS with firewall

Luciano Miguel Ferreira Rocha strange at nsk.no-ip.org
Sat May 8 13:50:42 UTC 2004


On Sat, May 08, 2004 at 09:07:37AM -0400, Stuart Lowe wrote:
> So rpcinfo will not show ports that are specified for outgoing requests,
> then?

No, portmap registers ports for servicing by clients, not those that the
services will use by themselves.

> If no ports are specified at all, then in the case of statd, it looks
> like two different ports are being assigned (by portmapper I assume) to
> listen for requests - one for tcp and one for udp.   Is this a correct
> statement?

Yes. An RPC call may use any one of those IP protocols, and a different
port may be assigned for each. Not usually done, though.

> I was just looking for a way to confirm my setting of STATD_PORT and
> STATD_OUTGOING_PORT and got all bothered when I couldn't see
> STATD_OUTGOING_PORT with rpcinfo.  If I'm setting up a firewall that is
> only dealing with incoming, then maybe I shouldn't be worried about
> setting STATD_OUTGOING_PORT eh?

I'm not that familiar with statd, but I assume STATD_OUTGOING_PORT would
only be used when the daemon needs to make requests of its own (and not
the replies). The manual page isn't that clear on this one.

Don't worry about that setting, but if you do, just make iptables spew a
few denied packets to the log file, start the services, see if it works,
and after some time check the log for denied statd outgoing requests.

Regards,
Luciano Rocha
-- 
Consciousness: that annoying time between naps.
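
The logging check suggested in the message above, as an added example that is not part of the original post. It assumes LOG and DROP rules appended to the OUTPUT chain with the prefix "FW-OUT-DENY: " and STATD_OUTGOING_PORT set to 4001; the log lines, host name and addresses are constructed.

```sh
#!/bin/sh
# Added example. Assumed rules, appended after the existing ACCEPT rules (root):
#   iptables -A OUTPUT -j LOG --log-prefix "FW-OUT-DENY: "
#   iptables -A OUTPUT -j DROP
# The prefix and the port 4001 (STATD_OUTGOING_PORT) are assumptions.
LOG_PREFIX="FW-OUT-DENY: "

# Constructed kernel log lines in the iptables LOG format.
sample_log() {
cat <<'EOF'
May  8 13:45:01 nfs1 kernel: FW-OUT-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4001 DPT=111 LEN=64
May  8 13:45:06 nfs1 kernel: FW-OUT-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4001 DPT=111 LEN=64
May  8 13:45:09 nfs1 kernel: FW-OUT-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4001 DPT=4000 LEN=56
May  8 13:45:12 nfs1 kernel: FW-IN-DENY: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4001 DPT=4000 LEN=56
May  8 13:45:20 nfs1 kernel: FW-OUT-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.30 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
May  8 13:46:02 nfs1 kernel: FW-OUT-DENY: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin; print "PROTO SPT DPT COUNT" per denied outgoing flow.
# Lines without the outgoing prefix, or without a source port (ICMP), are skipped.
summarize_denied() {
    awk -v prefix="$LOG_PREFIX" '
        index($0, prefix) == 0 { next }
        {
            proto = spt = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/)    proto = substr($i, 7)
                else if ($i ~ /^SPT=/) spt = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (spt != "") seen[proto " " spt " " dpt]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Count denied outgoing packets whose source port is the given port,
# i.e. requests statd tried to send from STATD_OUTGOING_PORT.
denied_from_port() {
    summarize_denied | awk -v p="$1" '$2 == p { n += $4 } END { print n + 0 }'
}

sample_log | summarize_denied
```

A non-zero count from denied_from_port for the configured port means the firewall is dropping statd's own requests and an outgoing rule for that port is needed.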




