Re: Question about random UDP port on rpcbind 0.2.3

On 01/29/2018 01:44 AM, Naruto Nguyen wrote:
> Hello,
> 
> Just would like to add for more information, when I start rpcbind
> normally, not via systemd, the random UDP is still opened
> 
> Could you please share any ideas on this?
The bound UDP socket is used for remote calls... Where rpcbind
is asked to make a remote RPC for another caller... 

Antiquated? yes.. but harmless.

steved.

> 
> Brs,
> Bao
> 
> On 27 January 2018 at 19:50, Naruto Nguyen <narutonguyen2018@xxxxxxxxx> wrote:
>> I would like to ask you a question regarding the new random UDP port
>> in rpcbind 0.2.3.
>>
>> In rpcbind 0.2.3, when I start rpcbind (version 0.2.3) through
>> rpcbind.service, then I do netstat
>>
>> udp        0      0 0.0.0.0:111             0.0.0.0:*          10408/rpcbind
>> udp        0      0 0.0.0.0:831             0.0.0.0:*          10408/rpcbind
>> udp6       0      0 :::111                  :::*               10408/rpcbind
>> udp6       0      0 :::831                  :::*               10408/rpcbind
>>
>> The rpcbind does not only listen on port 111 but also on a random udp
>> port "831" in this case, this port is changed every time the rpcbind
>> service restarts. And it listens on 0.0.0.0 so it opens a hole on
>> security. Could you please let me know what this port is for and is
>> there any way to avoid that like force it listen on an internal
>> interface rather than on any interfaces like that? I do not see the
>> random port on rpcbind 0.2.1, not sure why? As the rpcbind is started
>> from systemd so "-h" option is invalid as the man page says:
>>
>>
>>    -h      Specify specific IP addresses to bind to for UDP requests.
>>            This option may be specified multiple times and can be used to
>>            restrict the interfaces rpcbind will respond to.  Note that when
>>            rpcbind is controlled via systemd's socket activation, the -h
>>            option is ignored. In this case, you need to edit the
>>            ListenStream and ListenDgram definitions in
>>            /usr/lib/systemd/system/rpcbind.socket instead.
>>
>> Thanks a lot,
>> Brs,
>> Naruto
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
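
An added example, not part of the original thread: a shell check that reads `netstat -ulnp`-style output and lists rpcbind UDP sockets bound to a wildcard address on a port other than 111, like the extra socket in the listing quoted above. The function names and the sample lines are constructed here; the chronyd line is an assumption added for contrast.

```shell
#!/bin/sh
# Added example: audit rpcbind's UDP sockets from netstat output.

# Constructed sample, modelled on the netstat lines quoted in the thread.
sample_netstat() {
cat <<'EOF'
udp        0      0 0.0.0.0:111             0.0.0.0:*          10408/rpcbind
udp        0      0 0.0.0.0:831             0.0.0.0:*          10408/rpcbind
udp        0      0 127.0.0.1:323           0.0.0.0:*          612/chronyd
udp6       0      0 :::111                  :::*               10408/rpcbind
udp6       0      0 :::831                  :::*               10408/rpcbind
EOF
}

# Reads netstat output on stdin and prints "proto port" for every rpcbind
# UDP socket that is bound to a wildcard address on a port other than 111.
rpcbind_extra_udp() {
    awk '
        $1 ~ /^udp/ && $NF ~ /\/rpcbind$/ {
            local_addr = $4
            # The port is whatever follows the last ":" (works for ":::831").
            n = split(local_addr, parts, ":")
            port = parts[n]
            host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            wildcard = (host == "0.0.0.0" || host == "::" || host == "*")
            if (wildcard && port != "111") print $1, port
        }'
}

# Stand-alone run against the constructed sample.
sample_netstat | rpcbind_extra_udp
```

On a live host, pipe the output of `netstat -ulnp` (run as root so the PID/program column is filled in) into `rpcbind_extra_udp` instead of the sample.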