LinuxQuestions.org

-   Solaris / OpenSolaris (http://www.linuxquestions.org/questions/solaris-opensolaris-20/)

gatsby 10-15-2012 10:40 AM

Controlling port range of RPC ports?
 
I'm trying to move some RPC-based services behind a firewall (the ancient NIS+ service, specifically).

Is there any potential way to control/specify the range of RPC ports so I can more easily firewall this machine? The default behavior seems to be that RPC services can attach anywhere from the mid-30000s to the mid-60000s. Thanks in advance for any assistance.

tshikose 11-09-2012 02:22 AM

Hi,

The answer is yes.
I think you need to add lines such as the below in (I have never really set up NIS) one of /etc/sysconfig/network, /etc/sysconfig/nis, /etc/ypserv.conf.

YPSERV_ARGS="-p 10001" # This is obviously the main TCP port you want to fix to a not used high port
YPPASSWDD_ARGS="-p 10002" # If you also run the service that enables the password change
YPXFRD_ARGS="-p 10003" # If you also have replication, slave or secondary NIS servers

gatsby 11-10-2012 02:01 PM

I spoke to Oracle/Solaris support about this issue, and there is no way to predefine the port range of the ports the NIS+ services listen on. To move this service behind a hardware firewall that is not stateful, the NIS+ master must be allowed to communicate to basically TCP/UDP 32000 to TCP/UDP 65000 on the NIS+ client.

From Oracle Support, "There is no method of determining which ports will be used, hence there is no way to configure fixed port numbers to achieve this."

tshikose 11-12-2012 01:09 AM

Hi,

Which version of Linux and flavour are you using?
On Red Hat based Linux it is possible and easy, as in the steps I led you to in my previous post.

jlliagre 11-12-2012 02:02 AM

Quote:

Originally Posted by tshikose (Post 4827411)
Which version of Linux and flavour are you using?

None. Have a closer look at this forum name and gatsby's last answer ;-)

tshikose 11-12-2012 03:03 AM

Hi,

Yeah, I had just noticed it is a Solaris / OpenSolaris forum.
But still try what I had suggested.
It might work. Who knows!

jlliagre 11-12-2012 04:15 AM

Quote:

Originally Posted by tshikose (Post 4827445)
Yeah, I had just noticed it is a Solaris / OpenSolaris forum.
But still try what I had suggested.
It might work. Who knows!

It won't, as not only does Solaris not have/use the configuration files you suggested, but the OP is asking about NIS+, which is a very, very different beast than NIS.
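
An added example, not part of any post in this thread: a shell sketch that summarises `rpcinfo -p` output to show which RPC registrations currently sit in the 32000-65000 range gatsby quotes, and the span a non-stateful filter would have to permit for them. The sample listing and its port numbers are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit which RPC programs are registered on dynamic ports.

# Constructed sample in the column layout `rpcinfo -p` prints.
# The port numbers are invented for illustration.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100300    3   udp  32781  nisd
    100300    3   tcp  32774  nisd
    100024    1   tcp  40112  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "proto port service" for
# every registration whose port lies in [lo, hi], sorted by port number.
dynamic_rpc_ports() {
    lo=${1:-32000}; hi=${2:-65000}
    awk -v lo="$lo" -v hi="$hi" '
        $4 !~ /^[0-9]+$/ { next }                 # header or malformed row
        ($4 + 0) >= (lo + 0) && ($4 + 0) <= (hi + 0) {
            svc = (NF >= 5) ? $5 : ("prog-" $1)   # service name may be absent
            print $3, $4, svc
        }' | sort -k2,2n -k1,1
}

# Lowest and highest dynamic port in use right now, printed as "min-max".
# Prints nothing when no registration falls inside the range.
dynamic_rpc_span() {
    dynamic_rpc_ports "$@" | awk '
        NR == 1 { min = $2; max = $2 }
        { if ($2 + 0 < min + 0) min = $2; if ($2 + 0 > max + 0) max = $2 }
        END { if (NR) print min "-" max }'
}

# On a live host, replace sample_rpcinfo with: rpcinfo -p
sample_rpcinfo | dynamic_rpc_ports
sample_rpcinfo | dynamic_rpc_span
```

The result is a snapshot only: RPC services register whatever port they obtained with rpcbind at start-up, so the list can change after a service restart or reboot.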


All times are GMT -5.