LDM: RPC access to portmapper vs firewall

the /etc/services basically only substitutes your netstat entries, and
also allows u to call a port by the name when connecting to it... Some of
my systems I haven't bothered putting it in and it works.  I just put it in
to keep a full database of services.  /etc/services is almost like
/etc/passwd in that it maps names with numbers.  We are using a firewall
over here at COD and just allowing TCP 388 thru and that's all we need and
use.  Having no problems with performance.  
So dunno which was the question actually asked but that is 2 answers :)
-dave

On Wed, 8 May 2002, Brad Teale wrote:

It has been my experience that the portmapper must be running and accepting
connections.  The deal with specifying port 388 seems to be bogus.  I run
most of the LDMs here without that line in /etc/services.  The interesting
thing is, if that line is present in /etc/services, the portmapper still
doesn't register the LDM with port 388.  The LDM uses the port that the
portmapper requested.  Also, all of the unidata scripts seem to work fine
without the port specified.

This is just my network...so try it at your own risk.

Thanks,
Brad Teale
Universal Weather and Aviation, Inc.
<mailto:bteale@xxxxxxxxxxxx>
713-944-1440 ext. 3623 

-----Original Message-----
Sent: Wednesday, May 08, 2002 12:53 PM


I am running LDM on a firewalled machine that doesn't allow access to
remote portmappers.

http://www.unidata.ucar.edu/packages/ldm/networkSecurityAndSetup.html
states:

================================================
Currently, in order to start, the LDM requires that the portmapper
program, usually called portmap or rpcbind on some systems, be running
so that the LDM can register its remote procedure call (RPC) service.
After that, however, the portmapper is not required because client LDMs
will attempt to connect directly to port 388. Perhaps the best way to
implement a secure LDM server would be to have the portmapper running
but block or limit access to its port, port 111, via either TCP-Wrappers
or a firewall. 

==============================================

However, after restarting ldm on a server, I see the message:

FEEDME(moonbow.rap.ucar.edu): can't contact portmapper: RPC: Unable to
send; errno = Operation not permitted

Reading the source code protocol/h_clnt.c, this message is a result of
an RPC failure.  (And this failure resets the state of the connection.)

For this particular machine, sometimes I see a delay of several minutes
before I see the message:
 FEEDME(moonbow.rap.ucar.edu): OK

This doesn't happen for the other two machines that are feeding this LDM
server.

Any idea why this error message happens on one machine, and not two
others?



-------------------------------------------------------------------------------
David B. Bukowski       |email (work):          bukowski@xxxxxxxxxxxxx
Network Analyst         |email (personal):      davebb@xxxxxxxxxxxxx
College of Dupage       |webpage:       http://www.cshschess.org/davebb/        
Glen Ellyn, Illinois    |pager:                 (708) 241-7655 
http://www.cod.edu/     |work phone:            (630) 942-2591
-------------------------------------------------------------------------------
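
An added example, not part of the thread or of the Unidata documentation: a check, run from a host outside the firewall, that the setup described above is actually in effect (TCP 388 reachable, TCP 111 not). The function names are hypothetical, and only TCP is probed; the portmapper's UDP port is not covered.

```python
import socket
import sys

LDM_PORT = 388         # LDM port named in the thread
PORTMAPPER_PORT = 111  # portmapper port named in the quoted Unidata page

def probe_tcp(host, port, timeout=2.0):
    """Classify a TCP port as 'open', 'closed' (connection refused) or
    'filtered' (timeout, unreachable, or blocked by a local firewall rule)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Includes timeouts and EPERM ("Operation not permitted"), which an
        # outbound firewall rule on the probing host can produce.
        return "filtered"
    finally:
        s.close()

def audit_ldm_exposure(host, ldm_port=LDM_PORT, pmap_port=PORTMAPPER_PORT,
                       timeout=2.0):
    """Compare what is reachable with the intended policy:
    LDM port open to peers, portmapper port not reachable from outside."""
    ldm = probe_tcp(host, ldm_port, timeout)
    pmap = probe_tcp(host, pmap_port, timeout)
    findings = []
    if ldm != "open":
        findings.append(
            f"LDM port {ldm_port}/tcp is {ldm}: peers cannot connect directly")
    if pmap == "open":
        findings.append(
            f"portmapper port {pmap_port}/tcp is reachable: "
            "restrict it with a firewall or TCP-Wrappers")
    return {"ldm": ldm, "portmapper": pmap, "findings": findings}

if __name__ == "__main__":
    # Usage: python check_ldm.py <ldm-server-hostname>
    result = audit_ldm_exposure(sys.argv[1])
    print(f"ldm={result['ldm']} portmapper={result['portmapper']}")
    for finding in result["findings"]:
        print("FINDING:", finding)
    sys.exit(1 if result["findings"] else 0)
```

A "filtered" result for port 388 from one upstream host but not from others points at a firewall rule on the path from that host rather than at the LDM server itself.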

