[ale] Closing ports 111 & 6000

Charles Shapiro charles.shapiro at nubridges.com
Fri Sep 6 15:01:48 EDT 2002


I'm sure Joseph and you are right about X11; I'm not especially familiar
with it. But a bunch of other stuff besides NFS uses RPC, including the
portmapper service itself (which tells what other RPC services are
available), the Network Information Service (NIS aka yp), and other
oddments such as the rpc statd service. All of them need portmapper
running on the server in order to work.

Don't get me wrong -- a box which is in any kind of exposed position on
the internet should have none of these things running, 'specially
because figuring out what RPC services are available on a server is
simply a matter of running "rpcinfo -p hostname" with no authentication
needed. But ya need to be aware of what you're turning off. The NIS
services, in particular, are quite useful inside your own network. We
use 'em & love 'em on our development boxen.

-- CHS

On Fri, 2002-09-06 at 12:47, Jordi S. Bunster wrote:
> On Fri, 2002-09-06 at 11:46, Charles Shapiro wrote:
> 
> > Looks like 111 is portmapper, and 6000 is X11.  Without portmapper, you
> > won't have the  Network File System (or any other rpc-based services),
> 
> Correct me on this one, but don't you need the portmapper only for
> serving NFS?
> 
> > and without 6000 you won't have X Windows.
> 
> I'm pretty sure there's a -nolisten option to X (or was it xinit?),
> which takes a parameter. If you only give it tcp as a parameter, you can
> still use :0 or :1 as local displays, but not use X across the network
> anymore. You close the ports, but you still have X.
> 
> > On most BSD-flavor
> > distros,
> 
> This one is just personal curiosity: Are there many BSDish Linux distros
> out there, besides the hybrid Slackware? What distro is the OP running?
> 
> -- Jsb
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
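
Added example, not part of the original message: a shell helper that turns `rpcinfo -p` output into a list of the RPC programs that would stop working if portmapper were turned off. The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list what is registered with portmapper before disabling it.

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100004    2   udp    834  ypserv
    100004    1   udp    834  ypserv
    100007    2   udp    850  ypbind
EOF
}

# Reads `rpcinfo -p` output on stdin. Prints one line per registered RPC
# program other than portmapper itself: "<program> <service> <proto/port,...>"
rpc_dependents() {
    awk '
        $1 !~ /^[0-9]+$/ || NF < 4 { next }   # header row or malformed line
        $1 == 100000 { next }                 # the portmapper itself
        {
            name = (NF >= 5) ? $5 : "unknown" # service column can be empty
            key = $1 " " name
            ep = $3 "/" $4
            if ((key, ep) in seen) next       # same endpoint, other version
            seen[key, ep] = 1
            if (key in eps) eps[key] = eps[key] "," ep
            else { keys[++n] = key; eps[key] = ep }
        }
        END { for (i = 1; i <= n; i++) print keys[i], eps[keys[i]] }
    '
}

# Succeeds (exit 0) when something besides portmapper is registered.
has_rpc_dependents() {
    [ -n "$(rpc_dependents)" ]
}

sample_rpcinfo | rpc_dependents
```

On a real host, pipe `rpcinfo -p hostname` into `rpc_dependents` in place of the sample.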