- From: "Skip Morrow" <skip pelorus org>
- To: <gnome-redhat-list gnome org>
- Subject: Portmap
- Date: Sat, 19 Oct 2002 11:18:01 -0400

I did a search of the archives and didn't see this.

Why do I need to have the portmap service running? I don't like the fact
that it opens port 111 on ALL interfaces. Yeah, I know how to block it with
iptables, and use hosts.allow and hosts.deny, but the fact is, it is still a
hole that simply isn't necessary. If I stop the portmap service, I get
bunches of FAM errors whenever I run gedit. Is there a way to stop the
errors and not have the portmap service running?

Now, I wouldn't mind running this service if I could run it through xinetd,
because then I could force it to bind only to the loopback interface (and
maybe my internal network interface, if necessary), but I haven't figured
out a way to do that yet, either. Perhaps someone could show me how to do
this. Here's what I've tried:

# description: portmap
disable = no
# bind = 127.0.0.1
port = 111
socket_type = stream
type = RPC
rpc_version = 2
rpc_number = 100000
protocol = tcp
wait = yes
# only_from = 127.0.0.1
user = root
server = /sbin/portmap
log_on_failure += USERID

I commented out the "bind" and "only_from" because first I just want to get
it working, but I haven't had any luck yet at all.

I restarted xinetd and did a netstat, and it doesn't even show port 111 open
at all. Nothing unusual in var/log/messages either.

You can't have everything...Where would you put it?
- Steven Wright
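
The exposure raised in the message above (port 111 listening on all interfaces rather than only loopback) can be checked from `netstat -ln` output. This is an added example, not part of the original post; the function name `exposed_portmap` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: report port 111 (portmap) sockets bound to anything other
# than a loopback address. Reads `netstat -ln` style lines on stdin:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address [State]

exposed_portmap() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4
            # The port is whatever follows the last colon; this also copes
            # with IPv6 forms such as ":::111" and "::1:111".
            n = split(laddr, parts, ":")
            port = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (port != "111") next
            # Loopback-only bindings are the state the poster wants.
            if (addr ~ /^127\./ || addr == "::1") next
            print $1, laddr
        }
    '
}

# Constructed sample listing (not captured from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# Demo run on the sample; on a live system use: netstat -ln | exposed_portmap
printf '%s\n' "$SAMPLE" | exposed_portmap
```

Empty output means no port 111 socket is reachable on a non-loopback address.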