Andrew Hill list at fornax.net
Wed Dec 11 10:16:21 CST 2002


On Tue, 2002-12-10 at 20:57, Daryl Tester wrote:
> It isn't supposed to.  I've just performed a packet capture between two
> machines here while executing a "rpcinfo -p zen", and all traffic is
> purely to the portmapper port.

Here's what the LOG target in the firewall is logging:

Dec 11 09:08:00 warren kernel: IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=111
DPT=633 WINDOW=32767 RES=0x00 ACK SYN URGP=0

So, it appears that when rpcinfo uses TCP, it actually has a source port
of 111?

> Incidently, this is why I intensely dislike the "DROP" policy.  An ICMP
> reject would have made this obvious reasonably quickly.

Two points:

1) If I could set a default policy of REJECT instead of DROP, I would.

2) Yeah, I should have set up a default rule to REJECT sooner - for some
reason, I hadn't done it on this box yet (it's a new install). However,
it doesn't make it obvious! The rpcinfo -p command still takes "forever"
and eventually times out, even though the packets are being REJECTed
now!

Cheers,

-- 
Andrew Hill

This may seem a bit weird, but that's okay, because it is weird.
-The Perl v5.0 manual page.
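The LOG line quoted above carries the TCP flag bits as bare tokens (ACK SYN), and in a handshake those bits identify which side sent the packet the rule matched: a bare SYN is the connecting side's first packet, SYN plus ACK is the listener's reply. As an added example, not code from this post or from any of the tools it mentions, here is a small Python parser for netfilter LOG lines that extracts the interface, addresses, ports and flags and reports, for each logged handshake packet, which side sent it and which port the service is on. The sample input is constructed: the line from the post re-joined onto one line (the mail client wrapped it), plus a hypothetical second line of the kind the same rule would log for the matching SYN.

```python
import re

# Constructed sample input: the netfilter LOG line quoted in the post, re-joined
# onto one line, followed by a second, hypothetical line of the kind the same
# rule would log for the client's own SYN. Only the first line comes from the post.
SAMPLE_LOG = (
    "Dec 11 09:08:00 warren kernel: IN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 "
    "DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=111 "
    "DPT=633 WINDOW=32767 RES=0x00 ACK SYN URGP=0\n"
    "Dec 11 09:07:59 warren kernel: IN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 "
    "DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP "
    "SPT=633 DPT=111 WINDOW=32767 RES=0x00 SYN URGP=0\n"
)

# Bare tokens the LOG target emits for set TCP flag bits (they carry no '=').
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
KV_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Parse one 'kernel:' netfilter LOG line into a dict.

    KEY=VALUE pairs become entries (empty values such as OUT= are kept as ''),
    and the bare TCP flag tokens are collected into fields['flags'].
    Returns None for syslog lines that are not netfilter LOG output.
    """
    if "kernel:" not in line or "PROTO=" not in line:
        return None
    body = line.split("kernel:", 1)[1]
    fields = dict(KV_RE.findall(body))
    fields["flags"] = set(body.split()) & TCP_FLAGS
    return fields


def direction(fields):
    """Say which side of a TCP connection sent the logged packet.

    SYN without ACK is the client's opening packet, so DPT is the service port.
    SYN with ACK is the server's reply, so the service port is SPT.
    Anything else is mid-connection traffic where the flags alone do not tell.
    """
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    flags = fields["flags"]
    if "SYN" in flags and "ACK" not in flags:
        return "client-syn"
    if "SYN" in flags and "ACK" in flags:
        return "server-synack"
    return "established"


def service_port(fields):
    """Port of the listening service implied by a handshake packet, or None."""
    kind = direction(fields)
    if kind == "client-syn":
        return int(fields["DPT"])
    if kind == "server-synack":
        return int(fields["SPT"])
    return None


def summarise(log_text):
    """Return (interface, direction, service_port) for each LOG line in log_text."""
    out = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is None:
            continue
        out.append((fields.get("IN", ""), direction(fields), service_port(fields)))
    return out


if __name__ == "__main__":
    for iface, kind, port in summarise(SAMPLE_LOG):
        print(f"{iface:4} {kind:14} service port {port}")
```

Run against a whole /var/log/messages the same way (feed the file's text to summarise) to see, for each packet a LOG rule caught, whether it was an incoming connection attempt or a reply leaving a local service, which is the first thing to settle before deciding whether the rule that matched it was meant to match replies at all.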