[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

20040623: RPC port and LDM

>From: David Knight <address@hidden>
>Organization: SUNYA
>Keywords: 200406231857.i5NIvxWb020974 LDM portmap

Hi David,

>     We are running the LDM 6.0.14 on both our
>IDD machines (gusher for Unidata feeds, Striker2
>for NLDN feed).

Sounds good.  We will be releasing a new version of the LDM-6 in the
not too distant future.  This version will have some subtle bugfixes
that don't seem to affect users at the moment, and a fix for statistics
reporting (both pqbinstats and rtstats) that will only affect sites
receiving all of the CRAFT feed (or, at least, > 96 CRAFT radars).
Just a heads-up...

>     I seem to remember something about the LDM
>no longer requiring access to RPC port 111.

Correct.

>I'd like to close that port at our firewall
>if possible, but, don't want to risk affecting
>our downstream sites. If I do close that port
>(actually do not specifically open it) would
>that risk some of our downstream sites not being
>able to receive data?

No.  Things will continue working correctly as long as you installed
'rpc.ldmd' and 'hupsyslog' with setuid 'root' privilege.  This is done
by the 'make install_setuids' as 'root' (or in a 'sudo').  If you did
not do this last step, then you must continue to run the portmapper.

To refresh your memory on LDM installs, the procedure is:

cd ldm-6.0.14/src
./configure
make
make install
sudo make install_setuids

>     We run both our LDMs on port 388, so, it is
>my understanding that downstream sites do not
>need to access portmapper on port 111, but,
>I want to confirm this before we block it.

You are correct.

>Thanks

No worries.

Cheers,

Tom
--
NOTE: All email exchanges with Unidata User Support are recorded in the
Unidata inquiry tracking system and then made publically available
through the web.  If you do not want to have your interactions made
available in this way, you must let us know in each email you send to us.