rpcbind opening random insecure(?) ports?

Yuri Pankov ypankov at xsmail.com
Wed Sep 2 15:55:28 UTC 2020


Arthur Chance wrote:
> I have a multi-homed server that I use, amongst other things, as an NFS
> server for my lan. To stop them being visible on the other interfaces
> rpcbind, nfsd and mountd all have -h command arguments restricting them
> to the lan's IPv4 and IPv6 addresses. This works fine for nfsd and
> mountd, but sockstat -l shows rpcbind opening unrestricted ports
> 
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     rpcbind    18959 5  stream /var/run/rpcbind.sock
> root     rpcbind    18959 6  udp6   ::1:111               *:*
> root     rpcbind    18959 7  udp6   2a02:8010:64c9:1::3:111 *:*
> root     rpcbind    18959 8  udp6   *:765                 *:*
> root     rpcbind    18959 9  tcp6   ::1:111               *:*
> root     rpcbind    18959 10 tcp6   2a02:8010:64c9:1::3:111 *:*
> root     rpcbind    18959 11 udp4   127.0.0.1:111         *:*
> root     rpcbind    18959 12 udp4   172.23.1.3:111        *:*
> root     rpcbind    18959 13 udp4   *:778                 *:*
> root     rpcbind    18959 14 tcp4   127.0.0.1:111         *:*
> root     rpcbind    18959 15 tcp4   172.23.1.3:111        *:*
> root     rpcbind    18959 17 udp6   *:*                   *:*
> 
> Note the *:765 and *:* ports listening on udp6 and *:778 port on udp4.
> 
> Why is it doing this and how do I stop it?
> 
> This is on amd64 12.1-RELEASE-p8, not using NFSv4.

What does `rpcinfo -p` think about it?


More information about the freebsd-questions mailing list