Hi,

I have on many occasions run into the situation where the RPC based
services have occupied the well-known ports for other non-RPC based
services. Last week rpc.lockd on one of my systems got hold of TCP
port 995, leaving inetd unable to start any pop3s services.

The easy cure is to add this line

# BEFORE: rpcbind

to /etc/rc.d/inetd.

You might want to consider fixing /etc/rc.d/inetd prior to the release
of 6.2.

Best regards,
Trond Endrestøl, Systems Administrator,
Gjøvik Technical College, Norway.

-- 
----------------------------------------------------------------------
Trond Endrestøl                          | trond@fagskolen.gjovik.no
Patron of The Art of Computer Programming| FreeBSD 6.1-S & Pine 4.64

Trond Endrestøl wrote:
> Hi,
>
> I have on many occasions run into the situation where the RPC based
> services have occupied the well-known ports for other non-RPC based
> services. Last week rpc.lockd on one of my systems got hold of TCP
> port 995, leaving inetd unable to start any pop3s services.

Another fix for this is to add flags to the daemons themselves to allow
the RPC services to be bound by port number. I added this to mountd so
that I could bind its port on startup for running mountd on a DMZ host,
thus enabling mountd access to be filtered in the firewall.

Regards,
BMS

Trond Endrestøl wrote:
> I have on many occasions run into the situation where the RPC based
> services have occupied the well-known ports for other non-RPC based
> services. Last week rpc.lockd on one of my systems got hold of TCP
> port 995, leaving inetd unable to start any pop3s services.

Yes, that's annoying.

I think a simple work-around for the problem is to lower the sysctl
net.inet.ip.portrange.lowfirst. The default is 1023. If you don't need
any other ports right beneath 995, then you can set it to 994 via
/etc/sysctl.conf. Then the RPC-based services that don't use fixed
ports should start using port numbers from 994 downwards.

Best regards
Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd

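The effect of the lowfirst work-around above, as an added example that is not part of the original thread: the script checks a constructed /etc/services excerpt against the reserved-port range that RPC daemons without fixed ports draw from. The lower bound of 600 (net.inet.ip.portrange.lowlast) is assumed here as the FreeBSD default and is not stated in the thread; the names at_risk and report are hypothetical.

```shell
#!/bin/sh
# Added example: list services whose TCP port lies inside the range that
# reserved-port allocation walks through, from lowfirst down to lowlast.
# Assumption: lowlast=600 (FreeBSD default), which the thread does not mention.

# Constructed sample in /etc/services format (not taken from a real host).
SAMPLE_SERVICES='
# name      port/proto   aliases
smtp        25/tcp       mail
printer     515/tcp      spooler
ldaps       636/tcp
ftps        990/tcp
imaps       993/tcp
pop3s       995/tcp      spop3
pop3s       995/udp
'

# at_risk LOWFIRST LOWLAST
# Prints "name port" for each tcp service with LOWLAST <= port <= LOWFIRST,
# i.e. a port an unbound RPC daemon could occupy before inetd starts.
at_risk() {
    printf '%s\n' "$SAMPLE_SERVICES" | awk -v hi="$1" -v lo="$2" '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        {
            split($2, pp, "/")         # "995/tcp" -> pp[1]=995, pp[2]=tcp
            port = pp[1] + 0
            if (pp[2] == "tcp" && port >= lo && port <= hi)
                print $1, port
        }'
}

# Compare the default setting with the value suggested in the thread.
report() {
    echo "lowfirst=1023 (default):"
    at_risk 1023 600
    echo "lowfirst=994 (suggested):"
    at_risk 994 600
}
report
```

With lowfirst at 994, pop3s on 995 drops out of the list, but imaps on 993 and the other services below it are still inside the range, which is the condition attached to the suggestion ("If you don't need any other ports right beneath 995").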
On Tue, Oct 17, 2006 at 08:46:49AM +0200, Trond Endrestøl wrote:
> I have on many occasions run into the situation where the RPC based
> services have occupied the well-known ports for other non-RPC based
> services. Last week rpc.lockd on one of my systems got hold of TCP
> port 995, leaving inetd unable to start any pop3s services.
>
> The easy cure is to add this line
>
> # BEFORE: rpcbind
>
> to /etc/rc.d/inetd.
>
> You might want to consider fixing /etc/rc.d/inetd prior to the release
> of 6.2.

I'm pretty sure this change would break inetd's rpc service support and
would change the startup order more significantly than I think is
appropriate this late in the release cycle.

-- Brooks