LDM: RPC access to portmapper vs firewall

It has been my experience that the portmapper must be running and accepting
connections.  The deal with specifying port 388 seems to be bogus.  I run
most of the LDM's here without that line in /etc/services.  The interesting
thing is, if that line is present in /etc/services, the portmapper still
doesn't register the LDM with port 388.  The LDM is uses the port that the
portmapper requested.  Also, all of the unidata scripts seem to work fine
without the port specified.

This is just my network...so try it at your own risk.

Brad Teale
Universal Weather and Aviation, Inc.
713-944-1440 ext. 3623 

-----Original Message-----
Sent: Wednesday, May 08, 2002 12:53 PM

I am running LDM on a firewalled machine that doesn't allow access to


Currently, in order to start, the LDM requires that the portmapper
program, usually called portmap or rcpbind on some systems, be running
so that the LDM can register its remote procedure call (RPC) service.
After that, however, the portmapper is not required because client LDMs
will attempt to connect directly to port 388. Perhaps the best way to
implement a secure LDM server would be to have the portmapper running
but block or limit access to its port, port 111, via either TCP-Wrappers
or a firewall. 


However, after restarting ldm on a server, I see the message:

FEEDME(moonbow.rap.ucar.edu): can't contact portmapper: RPC: Unable to
send; errno = Operation not permitted

Reading the source code protocol/h_clnt.c, this message is a result of
an RPC failure.  (And this failure resets the state of the connection.)

For this particular machine, sometimes I see a delay of several minutes
I see the message:
 FEEDME(moonbow.rap.ucar.edu): OK

This doesn't happen for the other two machines that are feeding this LDM

Any idea why this error mesage happens on one machine, and not two