HPE Community
Operating System - HP-UX
1820257 Members
2829 Online
109622 Solutions
New Discussion юеВ

what port range does rpc.mountd use?

 
Kevin Sorohan
Occasional Advisor

тАО05-17-2005 11:06 PM

тАО05-17-2005 11:06 PM

what port range does rpc.mountd use?

Hi,

We have some 3rd party windows servers on our site that use pcnfs to mount filesystems from our unix servers. We need to put a firewall in between as its a 3rd party connection. Unfortunately i've been struggling with how to firewall NFS. I've read a couple of forum strings which suggest its impossible.

I know we need to open up ports 2049 and 111 but rpc.mountd uses dynamic port numbers?
Does anyone know what range of ports rpc.mountd uses? As some sort of firewall would be better than none?
0 Kudos
Reply
10 REPLIES 10
harry d brown jr
Honored Contributor

тАО05-17-2005 11:23 PM

тАО05-17-2005 11:23 PM

Re: what port range does rpc.mountd use?


Why not use smb (samba or cifs 9000) ?

live free or die
harry d brown jr

Live Free or Die
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО05-18-2005 12:27 AM

тАО05-18-2005 12:27 AM

Re: what port range does rpc.mountd use?

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B8725AA

get it for FREE and your PC users don't need pcnfs to connect to the fileshare. They would connect using their windoze filedestroyer -> Tools -> Map network Drive


live free or die
harry d brown jr
Live Free or Die
0 Kudos
Reply
Kevin Sorohan
Occasional Advisor

тАО05-18-2005 12:41 AM

тАО05-18-2005 12:41 AM

Re: what port range does rpc.mountd use?

Unfortunately we don't have that option, we have no control over the windows servers as they are 3rd party maintained and owned. The they are running at the moment is the only supported configuration for the application in use, so we're stuck with NFS.

I just wanted to know what is the range of ports that rpc.mountd can use. It will mean leaving a lot of open ports between the source and dest ip's but it's better than nothing and would passify audit.
0 Kudos
Reply
Ermin Borovac
Honored Contributor

тАО05-18-2005 12:49 AM

тАО05-18-2005 12:49 AM

Re: what port range does rpc.mountd use?

rpc.mountd uses different port each time it's started. I believe that it allocates available port in the range 48000 - 64000.

# rpcinfo -p | grep mountd
0 Kudos
Reply
Kevin Sorohan
Occasional Advisor

тАО05-18-2005 12:57 AM

тАО05-18-2005 12:57 AM

Re: what port range does rpc.mountd use?

thanks,

The port range was what i was looking for.
0 Kudos
Reply
Gopi Sekar
Honored Contributor

тАО05-18-2005 01:21 AM

тАО05-18-2005 01:21 AM

Re: what port range does rpc.mountd use?

The Dynamic and/or Private Ports are those from 49152 through 65535

So its most likely that portmap/mountd service uses one of these

Regards,
Gopi
Never Never Never Giveup
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО05-18-2005 01:40 AM

тАО05-18-2005 01:40 AM

Re: what port range does rpc.mountd use?

Kevin,

The port number ranges are going to depend upon your OS release and patch level (see http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000063248419 for details).

Also, being that they are PC users, again see above link the port ranges might not mean a thing.

This is why I was pushing you towards using SAMBA. The windoze PC user or windoze server does NOT have to install ANY software because SMB/CIFS is native to windoze boxes.

live free or die
harry d brown jr
Live Free or Die
0 Kudos
Reply
Kevin Sorohan
Occasional Advisor

тАО05-18-2005 01:58 AM

тАО05-18-2005 01:58 AM

Re: what port range does rpc.mountd use?

The windows machines currently have Hummingbird nfs installed and use that to mount the exported nfs filesystems. The Application we run which is very mission critical is only supported if this configuration is used, its also a bit of an industry standard method for the transfer of this specific data.

So we have to go with the existing config. Thats not in our hands.

The issue arises from the fact that it allows a 3rd party (although trusted) access to our lan.

We're running HPUX 11.00 with a conservative patching strategy.
0 Kudos
Reply
Dermot Beirne
Frequent Advisor

тАО05-18-2005 11:56 PM

тАО05-18-2005 11:56 PM

Re: what port range does rpc.mountd use?

I let through ports 111 (udp), 113(tcp/udp) and 2049(udp) to allow my HPUX10.20 box to map an nfs drive from a linux box outside a firewall.
The linux box also has a software firewall (shorewall) running on it.
It needed the rules 111,699,1026,1034,1036,1039,2049,32771 (udp) allowed to the hpux box.
As the others have said, some of the ports are dynamic, and will change if the connection gets broken. Maybe i've been lucky, but I've only had to change them once (in 2 years), when the network connection went down.

I found the new ports to use by monitoring the firewall while attempting a mount. It's very messy, but like you I don't have full control of the situation and cannot alter everything as i might like.

Dj

Happy is harder than money. Anyone who thinks money will make them happy, doesn't have money.
0 Kudos
Reply
Kevin Sorohan
Occasional Advisor

тАО05-19-2005 12:14 AM

тАО05-19-2005 12:14 AM

Re: what port range does rpc.mountd use?

Dermot,

Thanks for your reply.

Unfortunately the filesystem that is being nfs mounted gets unmounted every night as part of a business copy procedure, so we could end up with a new port being used every day. Our firewall infrastructure is also managed by a 3rd party and at ├В┬г2150 per firewall rule request its not really an option to keep reconfiguring the firewall each time we do a business copy.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.