list at fornax.net
Wed Dec 11 10:16:21 CST 2002
On Tue, 2002-12-10 at 20:57, Daryl Tester wrote:
> It isn't supposed to. I've just performed a packet capture between two
> machines here while executing a "rpcinfo -p zen", and all traffic is
> purely to the portmapper port.
Here's what the LOG target in the firewall is logging:
Dec 11 09:08:00 warren kernel: IN=lo OUT=
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=111
DPT=633 WINDOW=32767 RES=0x00 ACK SYN URGP=0
So, it appears that when rpcinfo uses TCP, it actually has a source port
> Incidentally, this is why I intensely dislike the "DROP" policy. An ICMP
> reject would have made this obvious reasonably quickly.
1) If I could set a default policy of REJECT instead of DROP, I would.
2) Yeah, I should have set up a default rule to REJECT sooner - for some
reason, I hadn't done it on this box yet (it's a new install). However,
it doesn't make it obvious! The rpcinfo -p command still takes "forever"
and eventually times out, even though the packets are being REJECTed
This may seem a bit weird, but that's okay, because it is weird.
-The Perl v5.0 manual page.
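
Added example, not part of the original message: a small parser for netfilter LOG entries that picks out logged SYN/ACK packets, which are the reply half of a TCP handshake, like the port 111 to port 633 entry quoted above. The function names are hypothetical, the first sample line is the quoted entry joined onto one line, and the second sample line is constructed for contrast.

```python
import re

# Sample input. Line 1: the entry quoted in the message, joined onto one line.
# Line 2: constructed contrast case (a plain inbound SYN), not from the message.
SAMPLE_LOG = """\
Dec 11 09:08:00 warren kernel: IN=lo OUT= DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=111 DPT=633 WINDOW=32767 RES=0x00 ACK SYN URGP=0
Dec 11 09:09:12 warren kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Flag names as the LOG target prints them (bare tokens, no "=").
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_log_line(line):
    """Split one LOG entry into KEY=value fields plus the set of TCP flags."""
    match = re.search(r"kernel: (.*)$", line)
    if not match:
        return None
    fields, bare = {}, set()
    for token in match.group(1).split():
        key, eq, value = token.partition("=")
        if eq:
            fields[key] = value      # "OUT=" yields an empty value
        else:
            bare.add(token)          # DF, ACK, SYN, ...
    fields["FLAGS"] = bare & TCP_FLAGS
    return fields

def classify(fields):
    """Label a logged packet by its role in the TCP three-way handshake."""
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    if fields["FLAGS"] == {"SYN", "ACK"}:
        return "handshake-reply"     # server answering a SYN that got through
    if fields["FLAGS"] == {"SYN"}:
        return "new-connection"
    return "other"

def logged_replies(log_text):
    """Return (service_port, client_port, in_interface) per logged SYN/ACK."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields and classify(fields) == "handshake-reply":
            hits.append((int(fields["SPT"]), int(fields["DPT"]), fields.get("IN", "")))
    return hits

if __name__ == "__main__":
    for service, client, iface in logged_replies(SAMPLE_LOG):
        print(f"SYN/ACK from port {service} to client port {client} logged on {iface}")
```

A SYN/ACK in the firewall log means the outgoing SYN was accepted but the answer to it was not, so the rule to look at is the one handling return traffic to the client port.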