Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 RPC tables
Advanced Technical Reference Guide 4.1 • June 2000 170
Example
attributes: refresh, expires 800
<c7cb47c6, 00000011, 00000753, 000186c3; 798/800>
The rpc_serv table uses the following format:
<source IP address, IP protocol, answer port; program number; time left/total time>
The source IP address is that of the responding server. The answer port is the port returned in reply to the port
request recorded in the pmap_req table. Refer to the pmap_req table below for information on the program number field.
pmap_req table
The pmap_req table holds clients’ requests to the port mapper for a particular server port. This table is used to
implement Stateful Inspection for RPC and holds data about the RPC and the “port mapper”.
Example
attributes: expires 10
<c0a8cd0c, c7cb47c6, 00000011, 00000753, 5a93f6d6; 000186c3; 5/10>
The pmap_req table uses the following format:
<source IP address, destination IP address, port mapper protocol, source port, transaction ID; RPC program number; time left/total time>
The port mapper protocol is either 11 (UDP) or 6 (TCP). The transaction ID is the unique number assigned to
each port mapping request. The program number is the unique number of the program whose port was
requested. Some typical program numbers are:
Program Number    Description
100001            Rstat
100004            Ypserv
100007            Ypbind
100300            NIS+
Note: Open any RPC service in FireWall-1 to see its program number.
pmap_not_responding table
The pmap_not_responding table contains the list of IP addresses of computers on which the port mapper failed
to reply.
Example
attributes: expires 120
<c7cb47e3; 116/120>
The pmap_not_responding table uses the following format:
<IP address which is not replying>
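The three entry formats above can be decoded mechanically when reviewing a table dump. The following Python decoder is an added example, not part of the Check Point guide; the function and field names are hypothetical, and it assumes every key field is hexadecimal (so protocol 11 is IP protocol 17, UDP) while the time left/total time pair is decimal.

```python
import ipaddress
import re

# Field layouts as given on this page; the trailing "time left/total time"
# pair is handled separately. Field names are hypothetical labels.
LAYOUTS = {
    "rpc_serv": ("src_ip", "ip_proto", "answer_port", "program"),
    "pmap_req": ("src_ip", "dst_ip", "pmap_proto", "src_port", "xid", "program"),
    "pmap_not_responding": ("ip",),
}
IP_FIELDS = {"src_ip", "dst_ip", "ip"}
PROTO_NAMES = {0x06: "TCP", 0x11: "UDP"}  # assumption: table values are hex
# Program names listed on the page (decimal program numbers).
PROGRAMS = {100001: "Rstat", 100004: "Ypserv", 100007: "Ypbind", 100300: "NIS+"}

def decode_entry(table, line):
    """Decode one '<hex, hex, ...; left/total>' line from the named table."""
    m = re.fullmatch(r"\s*<(.*)>\s*", line)
    if not m:
        raise ValueError(f"not a table entry: {line!r}")
    # The page's examples mix ',' and ';' between key fields, so accept both.
    *fields, timer = [p.strip() for p in re.split(r"[,;]", m.group(1))]
    names = LAYOUTS[table]
    if len(fields) != len(names):
        raise ValueError(f"{table}: expected {len(names)} fields, got {len(fields)}")
    out = {}
    for name, raw in zip(names, fields):
        value = int(raw, 16)
        if name in IP_FIELDS:
            out[name] = str(ipaddress.IPv4Address(value))
        elif name.endswith("proto"):
            out[name] = PROTO_NAMES.get(value, str(value))
        else:
            out[name] = value
    if "program" in out:
        out["program_name"] = PROGRAMS.get(out["program"], "unknown")
    # Assumption: the timer pair is decimal; its unit is not stated on the page.
    left, total = timer.split("/")
    out["time_left"], out["time_total"] = int(left), int(total)
    return out

if __name__ == "__main__":
    # Sample entries copied from the examples on this page.
    for table, line in (
        ("rpc_serv", "<c7cb47c6, 00000011, 00000753, 000186c3; 798/800>"),
        ("pmap_req", "<c0a8cd0c, c7cb47c6, 00000011, 00000753, 5a93f6d6; 000186c3; 5/10>"),
        ("pmap_not_responding", "<c7cb47e3; 116/120>"),
    ):
        print(table, decode_entry(table, line))
```

Decoded this way, the responding server in the rpc_serv example and the destination in the pmap_req example are the same host, which is how a reply entry can be matched to the request that opened it.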