LDM: RPC access to portmapper vs firewall

To: ldm-users@xxxxxxxxxxxxxxxx
Subject: LDM: RPC access to portmapper vs firewall
From: Joe VanAndel [mailto:vanandel@xxxxxxxxxxxx]
Date: Wed, 8 May 2002 13:26:20 -0500

It has been my experience that the portmapper must be running and accepting
connections.  The deal with specifying port 388 seems to be bogus.  I run
most of the LDM's here without that line in /etc/services.  The interesting
thing is, if that line is present in /etc/services, the portmapper still
doesn't register the LDM with port 388.  The LDM is uses the port that the
portmapper requested.  Also, all of the unidata scripts seem to work fine
without the port specified.

This is just my network...so try it at your own risk.

Thanks,
Brad Teale
Universal Weather and Aviation, Inc.
<mailto:bteale@xxxxxxxxxxxx>
713-944-1440 ext. 3623 

-----Original Message-----
Sent: Wednesday, May 08, 2002 12:53 PM


I am running LDM on a firewalled machine that doesn't allow access to
remote
portmappers.

http://www.unidata.ucar.edu/packages/ldm/networkSecurityAndSetup.html
states:

================================================
Currently, in order to start, the LDM requires that the portmapper
program, usually called portmap or rcpbind on some systems, be running
so that the LDM can register its remote procedure call (RPC) service.
After that, however, the portmapper is not required because client LDMs
will attempt to connect directly to port 388. Perhaps the best way to
implement a secure LDM server would be to have the portmapper running
but block or limit access to its port, port 111, via either TCP-Wrappers
or a firewall. 

==============================================

However, after restarting ldm on a server, I see the message:

FEEDME(moonbow.rap.ucar.edu): can't contact portmapper: RPC: Unable to
send; errno = Operation not permitted

Reading the source code protocol/h_clnt.c, this message is a result of
an RPC failure.  (And this failure resets the state of the connection.)

For this particular machine, sometimes I see a delay of several minutes
before
I see the message:
 FEEDME(moonbow.rap.ucar.edu): OK

This doesn't happen for the other two machines that are feeding this LDM
server.

Any idea why this error mesage happens on one machine, and not two
others?

Follow-Ups:
- LDM: RPC access to portmapper vs firewall
  - From: Joe VanAndel [mailto:vanandel

2002 messages navigation, sorted by:
1. Thread
2. Subject
3. Author
4. Date
5. ↑ Table Of Contents
Search the ldm-users archives: