freebsd stable - Jan 2006 - rpcbind lingering on IP no longer specified on command line

I had rpcbind running with on two interfaces like this:

rpcbind -h 192.168.100.200 -h 10.0.0.9

Now, I changed rpcbind_flags in /etc/rc.conf to just have the first  
address, and I restarted rpcbind.  the process list from ps shows it  
is running like this:

rpcbind -h 192.168.100.200

Yet nmap on the other address shows rpcbind is still listening on udp  
there.  How do I stop that?

Thanks.



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Vivek Khera,
Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD  +1-301-869-4449 x806

FWIW, this question could probably have been asked on freebsd-questions@ 
since it doesn't really pertain specifically to an issue about a stable 
branch, but that's not the end of the world.

Vivek Khera wrote:
> I had rpcbind running with on two interfaces like this:
> 
> rpcbind -h 192.168.100.200 -h 10.0.0.9
> 
> Now, I changed rpcbind_flags in /etc/rc.conf to just have the first 
> address, and I restarted rpcbind.  the process list from ps shows it is 
> running like this:
> 
> rpcbind -h 192.168.100.200
> 
> Yet nmap on the other address shows rpcbind is still listening on udp 
> there.  How do I stop that?
What does 'sockstat | grep rpcbind' tell you?

-- 

     This .signature sanitized for your protection

On Wed, 4 Jan 2006, Vivek Khera wrote:

VK> I had rpcbind running with on two interfaces like this:
VK> 
VK> rpcbind -h 192.168.100.200 -h 10.0.0.9
VK> 
VK> Now, I changed rpcbind_flags in /etc/rc.conf to just have the first
address,
VK> and I restarted rpcbind.  the process list from ps shows it is running
like
VK> this:
VK> 
VK> rpcbind -h 192.168.100.200
VK> 
VK> Yet nmap on the other address shows rpcbind is still listening on udp
there.
VK> How do I stop that?

As I sometimes looked into this, rpcbind (formely portmap) listens on all 
described addresses via udp *and* an tcp:*.111 - I tried to dig why is this but 
did not succeed much.

Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------

> Date: Thu, 5 Jan 2006 10:31:33 -0500
> From: Vivek Khera <vivek@khera.org>
> Subject: Re: rpcbind lingering on IP no longer specified on command
> 	line
> To: stable@freebsd.org
> Message-ID: <51DD97C7-4002-4459-A709-1B72DC1189A7@khera.org>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> 
> On Jan 5, 2006, at 6:06 AM, Gavin Atkinson wrote:
> 
> >> Can anyone explain why rpcbind will still bind to all tcp
interfaces?
> >
> > Although I believe this is a bug, it is actually working as  
> > documented:
> >
> > from rpcbind(8):
> >      -h bindip
> >              Specify specific IP addresses to bind to for UDP  
> > requests.
> 
> Yeah, I noticed that little tiny "UDP requests" note in the -h
docs
> too.  There's no reason to bind to all tcp addresses, and it is  
> causing me heartburn for getting the server certified...
Good grief, why not just firewall off the undesired UDP ports and call
it good?

Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060106/b8c84669/attachment.bin