statd/lockd startup failure

Rick Macklem rmacklem at uoguelph.ca
Sun Feb 20 18:11:04 UTC 2011


> Hi--
> 
> On Feb 19, 2011, at 1:16 PM, Rick Macklem wrote:
> > Well, that was what I was proposing. I could be wrong, but as far as I
> > know, this is allowed by Sun RPC. The port#s are assigned dynamically and
> > registered with rpcbind. (I don't necessarily agree with the design, but
> > this was/is how Sun RPC does it. The philosophy was/is that apps. don't know
> > what port# is being used and shouldn't care. If sysadmins want to use a
> > fixed port#, they can use command line options to override the default
> > dynamic assignment. And, yes, this is one reason that Sun RPC is a pita
> > w.r.t. firewalls. 1980s design...)
> 
> Trying to force SunRPC and old NFS through fixed ports in order to
> pass through a firewall sounds like a lot more work, and weakens the
> security of a firewall to such a significant extent that I have to
> wonder if it is the right problem to solve. :-)
> 
> Why not set up a VPN via OpenVPN/IPSec/ssh+ppp/etc...?
> 
Well, the discussion was how to fix a problem where the dynamically
assigned port# for one of (udp,tcp X ip6,ip4) wasn't available for
the others. The test patch I posted allowed each of the four to select
different port#s. The daemons already allow specification of a fixed
port# (-p option) for anyone who wants a fixed port#. (And yes, I see
not being able to run this stuff through a firewall as a feature and not
a bug.)

rick


More information about the freebsd-stable mailing list