- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Operating System - Tru64 Unix
- >
- Is it possible to fix port ranges for NFS processe...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2012 03:22 AM - edited 12-18-2012 12:39 AM
12-12-2012 03:22 AM - edited 12-18-2012 12:39 AM
Hi all,
"rpcinfo" reports the following ports opened in a Tru64 (v.5.1B) NFS server
oneserver# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 683 mountd
100005 3 udp 683 mountd
100005 1 tcp 689 mountd
100005 3 tcp 689 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 udp 2049 nfs
100003 3 tcp 2049 nfs
100024 1 udp 1026 status
100024 1 tcp 1024 status
100021 1 tcp 1025 nlockmgr
100021 2 tcp 1025 nlockmgr
100021 3 tcp 1025 nlockmgr
100021 4 tcp 1025 nlockmgr
100020 3 tcp 1025 llockmgr
100021 1 udp 1027 nlockmgr
100021 2 udp 1027 nlockmgr
100021 3 udp 1027 nlockmgr
100021 4 udp 1027 nlockmgr
100020 3 udp 1027 llockmgr
100012 1 udp 1032 sprayd
100068 2 udp 1033 rpc.cmsd
100068 3 udp 1033 rpc.cmsd
100068 4 udp 1033 rpc.cmsd
100083 1 tcp 1028 rpc.ttdbserverd
But in other NFS server some of the ports used by the NFS protocol (nlockmgr, mountd, status ...etc.) are different, (as usual for NFS v.2 and v.3)
otherserver# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100012 1 udp 1032 sprayd
100068 2 udp 1033 rpc.cmsd
100068 3 udp 1033 rpc.cmsd
100068 4 udp 1033 rpc.cmsd
100083 1 tcp 1029 rpc.ttdbserverd
105005 1 tcp 1030
105004 1 udp 1034
100005 1 udp 939 mountd
100005 3 udp 939 mountd
100005 1 tcp 945 mountd
100005 3 tcp 945 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 udp 2049 nfs
100003 3 tcp 2049 nfs
100024 1 udp 2580 status
100024 1 tcp 1422 status
100021 1 tcp 1429 nlockmgr
100021 2 tcp 1429 nlockmgr
100021 3 tcp 1429 nlockmgr
100021 4 tcp 1429 nlockmgr
100020 3 tcp 1429 llockmgr
100021 1 udp 2581 nlockmgr
100021 2 udp 2581 nlockmgr
100021 3 udp 2581 nlockmgr
100021 4 udp 2581 nlockmgr
100020 3 udp 2581 llockmgr
105005 1 udp 4392
Is it possible to fix the port ranges used by NFS protocol processes (portmapper,mountd, status ...) in Tru64 UNIX v. 5.1B in order to let them through a firewall?.
In case this is not an option in Tru64,
Which port ranges has to be reserved in the firewalls to be sure NFS traffic is not blocked?
Which is the algorithm to choose a new free port for those NFS processes ?.
TIA, Javier.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2012 10:42 PM
12-27-2012 10:42 PM
SolutionOriginally, all the SunRPC services (including the NFS services) except the portmapper used to use whatever random ports the OS gave them. The only way to know the current port numbers was to contact the portmapper service first, which would always be in port 111 and would know where the rest of the services are on the current host. The ability to use fixed port numbers is a later development, mostly because firewalls have become common.
In Tru64, the "nfs" service is always in port 2049, which is the standard convention. The "mountd" uses a privileged port by default, i.e. a port number that is less than 1024. The rest of the SunRPC servers use unprivileged ports, i.e. port numbers 1024 or greater. Usually, a service that needs an unprivileged port simply picks the first free port in the range of 1024 or greater at the time it starts up. The privileged ports have a specific OS version dependent port range (nnn..1023), and I don't know the specific privileged port range for Tru64.
Unfortunately, it looks like there is no way to specify fixed port numbers for NFS services in Tru64.
Some firewalls can solve this problem by snooping on the traffic of port 111. By analyzing the portmapper responses, the firewall can identify the service requested and learn which port the service is currently in, and then allow the connection to the appropriate port if the service is allowed in the firewall rules.
(If your firewall can do this, it should have a way to specify firewall rules by either SunRPC service names or program ID numbers, instead of by TCP/UDP port numbers. You can find the known program IDs in the /etc/rpc file on your system.)