rpcbind opening random insecure(?) ports?
Arthur Chance
freebsd at qeng-ho.org
Wed Sep 2 15:58:47 UTC 2020
On 02/09/2020 16:55, Yuri Pankov wrote:
> Arthur Chance wrote:
>> I have a multi-homed server that I use, amongst other things, as an NFS
>> server for my lan. To stop them being visible on the other interfaces
>> rpcbind, nfsd and mountd all have -h command arguments restricting them
>> to the lan's IPv4 and IPv6 addresses. This works fine for nfsd and
>> mountd, but sockstat -l shows rpcbind opening unrestricted ports
>>
>> USER COMMAND PID   FD PROTO  LOCAL ADDRESS            FOREIGN ADDRESS
>> root rpcbind 18959 5  stream /var/run/rpcbind.sock
>> root rpcbind 18959 6  udp6   ::1:111                  *:*
>> root rpcbind 18959 7  udp6   2a02:8010:64c9:1::3:111  *:*
>> root rpcbind 18959 8  udp6   *:765                    *:*
>> root rpcbind 18959 9  tcp6   ::1:111                  *:*
>> root rpcbind 18959 10 tcp6   2a02:8010:64c9:1::3:111  *:*
>> root rpcbind 18959 11 udp4   127.0.0.1:111            *:*
>> root rpcbind 18959 12 udp4   172.23.1.3:111           *:*
>> root rpcbind 18959 13 udp4   *:778                    *:*
>> root rpcbind 18959 14 tcp4   127.0.0.1:111            *:*
>> root rpcbind 18959 15 tcp4   172.23.1.3:111           *:*
>> root rpcbind 18959 17 udp6   *:*                      *:*
>>
>> Note the *:765 and *:* ports listening on udp6 and *:778 port on udp4.
>>
>> Why is it doing this and how do I stop it?
>>
>> This is on amd64 12.1-RELEASE-p8, not using NFSv4.
>
> What does `rpcinfo -p` think about it?
It only shows the port 111 sockets:
root@nas:0# rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100000    4 local    111  rpcbind
    100000    3 local    111  rpcbind
    100000    2 local    111  rpcbind
    100005    1   udp    954  mountd
    100005    3   udp    954  mountd
    100005    1   tcp    954  mountd
    100005    3   tcp    954  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
--
The number of people predicting the demise of Moore's Law doubles
every 18 months.
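
The comparison made in this thread (sockstat -l against rpcinfo -p) can be automated. The following is an added example, not part of the original messages: it flags rpcbind sockets bound outside an allowed address set or on ports the portmapper does not list. The sample text is constructed from a subset of the lines quoted above, and the ALLOWED set (loopback plus the two LAN addresses seen in the output) and the function names are assumptions.

```python
import re
# Constructed sample: a subset of the sockstat -l and rpcinfo -p lines quoted in the thread.
SOCKSTAT = """\
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root rpcbind 18959 5 stream /var/run/rpcbind.sock
root rpcbind 18959 6 udp6 ::1:111 *:*
root rpcbind 18959 7 udp6 2a02:8010:64c9:1::3:111 *:*
root rpcbind 18959 8 udp6 *:765 *:*
root rpcbind 18959 12 udp4 172.23.1.3:111 *:*
root rpcbind 18959 13 udp4 *:778 *:*
root rpcbind 18959 15 tcp4 172.23.1.3:111 *:*
root rpcbind 18959 17 udp6 *:* *:*
"""
RPCINFO = """\
program vers proto port service
100000 4 tcp 111 rpcbind
100000 4 udp 111 rpcbind
100000 4 local 111 rpcbind
100005 3 udp 954 mountd
"""

def registered_ports(rpcinfo_text):
    """Return {(transport, port)} for every tcp/udp row of rpcinfo -p."""
    rows = (line.split() for line in rpcinfo_text.splitlines()[1:])
    return {(r[2], int(r[3])) for r in rows if len(r) >= 5 and r[2] in ("tcp", "udp")}

def audit(sockstat_text, rpcinfo_text, command, allowed_hosts):
    """List (fd, proto, local, reason) for inet sockets of `command` that look unrestricted."""
    registered = registered_ports(rpcinfo_text)
    findings = []
    for line in sockstat_text.splitlines()[1:]:
        f = line.split()
        if len(f) < 6 or f[1] != command or not re.fullmatch(r"(tcp|udp)[46]", f[4]):
            continue  # skips UNIX-domain sockets and other commands
        host, _, port = f[5].rpartition(":")  # IPv6 hosts contain ':' themselves
        reasons = []
        if host not in allowed_hosts:
            reasons.append("wildcard bind" if host == "*" else "unexpected address")
        if port == "*":
            reasons.append("no fixed port")
        elif (f[4][:3], int(port)) not in registered:
            reasons.append("port not in rpcinfo")
        if reasons:
            findings.append((int(f[3]), f[4], f[5], ", ".join(reasons)))
    return findings

ALLOWED = {"127.0.0.1", "::1", "172.23.1.3", "2a02:8010:64c9:1::3"}  # assumed policy
for finding in audit(SOCKSTAT, RPCINFO, "rpcbind", ALLOWED):
    print(finding)
```

On a live host the two text inputs would come from the output of sockstat -l and rpcinfo -p; the parser assumes the whitespace-separated column order shown in the thread.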