* Kurt Seifried wrote on Thu, Oct 04, 2001 at 03:47 -0600:
> rpc is 111. nfs is 2049.
On _your_ Linux host running kfsd this may be true. But I couldn't firewall it, since it may change. IIRC user-space NFS uses a different port, for instance.
> rpc services are typically dynamic (although many are also static).
"some may be static for some time under certain circumstances".
> yp/etc use rpc to glue it together. I mean otherwise you'd be blindly sending off packets to a server hoping an rpc service is listening on some random port =)
That's what the portmapper is for. But first, it's not really secure, and second, a firewall will not query the portmapper to learn which port is allowed (in case of yp) or prohibited (in case of i.e. ypxfr).
> You have to leave 111 available typically so they can figure out what's up.
Of course. And to be sure, I have to open all other ports, since RPC may use port 998 or 2048. Opening all ports is not a nice firewall :)

[full quote cut]

oki,

Steffen

--
This letter was produced by machine; it therefore bears neither signature nor seal.
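
The port drift discussed in this thread can be checked by comparing `rpcinfo -p` snapshots against a static filter rule set. This is an added example, not part of the original message; the snapshot text and allow-list are constructed, and the function names are hypothetical.

```python
# Constructed samples of `rpcinfo -p` output, before and after a service restart.
SNAPSHOT_BEFORE = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100004    2   udp    998  ypserv
"""
SNAPSHOT_AFTER = """\
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100004    2   udp   2048  ypserv
"""
# Hypothetical static packet-filter rules: only the well-known ports are open.
STATIC_ALLOW = {("tcp", 111), ("udp", 111), ("udp", 2049)}


def parse_rpcinfo(text):
    """Return {(service, vers, proto): port} from `rpcinfo -p` style text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # skip the header and malformed lines
        prog, vers, proto, port = fields[:4]
        name = fields[4] if len(fields) > 4 else prog
        table[(name, int(vers), proto)] = int(port)
    return table


def uncovered(table, allow):
    """Registered services whose current port the static rules do not cover."""
    return sorted((name, proto, port) for (name, _v, proto), port in table.items()
                  if (proto, port) not in allow)


def drifted(before, after):
    """Services present in both snapshots whose registered port changed."""
    return sorted((k[0], k[2], before[k], after[k])
                  for k in before.keys() & after.keys() if before[k] != after[k])


if __name__ == "__main__":
    b, a = parse_rpcinfo(SNAPSHOT_BEFORE), parse_rpcinfo(SNAPSHOT_AFTER)
    print("not covered by static rules:", uncovered(a, STATIC_ALLOW))
    print("port changed between snapshots:", drifted(b, a))
```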