HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)
13 HP-UX IPFilter with NFS and RPC
Introduction
The NFS service uses multiple daemons. The NFS daemon, nfsd, listens for requests on the static
(fixed) TCP and UDP port number 2049. By default, the auxiliary daemons used for the NFS
services—rpc.lockd (lockd), rpc.mountd (mountd), and rpc.statd (statd)—listen for
service requests on dynamic port numbers. These daemons use the Remote Procedure Call (RPC)
protocol and register port numbers with the port mapper daemon (rpc.portmap, or portmap)
which uses the static port number 111. Clients send requests to the portmap daemon to get the
dynamic port number of the service they want to access.
There are two methods to use IPFilter to process packets for the NFS auxiliary daemons:
• Configure NFS to use static port numbers for the auxiliary daemons. You can then create
IPFilter rules for these port numbers. See Section (page 87).
• Use the script /etc/opt/ipf/rpc.ipf to query the portmap daemon and update IPFilter
rules with the dynamic port numbers. You can use this procedure for any service that uses the
RPC portmap mechanism. See Section (page 88).
Configuring NFS to use fixed ports
You can configure NFS to use static port numbers for the lockd, mountd, and statd daemons
on the following systems:
• HP-UX 11.31 systems
• HP-UX 11.23 systems with the NFS patch PHNE_34550 or a patch that supersedes it
• HP-UX 11.11 systems with the NFS patch PHNE_34662 or a patch that supersedes it
On HP-UX 11.31 systems, the lockd daemon uses the static UDP port 4045 by default.
Use the following procedure to configure the fixed port numbers for the auxiliary NFS daemons:
1. Add the following entries to the end of the /etc/rc.config.d/nfsconf file:
STATD_PORT=port_number
MOUNTD_PORT=port_number
where port_number is the number of the port you want the daemon to use. This must be a
port that is not already in use. HP recommends that you use a number between 49152 and
65536, the range reserved for dynamic or private ports by the IANA.
On HP-UX 11.11 and HP-UX 11.23 systems, you must also add the following entry for lockd:
LOCKD_PORT=port_number
HP recommends that you use the value 4045 for the lockd daemon port to match the port
number used by the HP-UX 11.31 version of the lockd daemon.
2. Stop and restart the NFS client and server services in a manner consistent with your operating
procedures. For example, stop the NFS services by running the NFS control scripts:
# /sbin/init.d/nfs.client stop
# /sbin/init.d/nfs.server stop
You can also restart the NFS services:
# /sbin/init.d/nfs.client start
# /sbin/init.d/nfs.server start
3. Optional: To verify the ports used by the NFS auxiliary daemons:
# rpcinfo -p
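As an added illustration (not part of this guide and not the contents of /etc/opt/ipf/rpc.ipf), the POSIX shell snippet below shows the idea behind both methods described in this chapter: read the output of rpcinfo -p, pick out the ports that the NFS auxiliary daemons registered with the portmap daemon, and emit one IPFilter pass rule per protocol and port. The rpcinfo output is a constructed sample, and the rule form, the default source address and the service names (mountd, status and nlockmgr, as rpcinfo reports them) are assumptions.

```shell
#!/bin/sh
# Constructed sample of 'rpcinfo -p' output; not a capture from a real host.
# mountd and status use the fixed ports set in /etc/rc.config.d/nfsconf,
# nlockmgr uses the HP-UX 11.31 default UDP port 4045.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100005    3   udp  49153  mountd
    100005    3   tcp  49153  mountd
    100024    1   udp  49154  status
    100024    1   tcp  49154  status
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs'

# rpc_ipf_rules SERVICES [SOURCE]
# Reads 'rpcinfo -p' output on stdin and prints one IPFilter rule per
# distinct (proto, port) pair registered by the comma-separated SERVICES.
# SOURCE restricts the clients allowed in (assumed rule form; default any).
rpc_ipf_rules() {
    awk -v svcs="$1" -v src="${2:-any}" '
        BEGIN { n = split(svcs, want, ",")
                for (i = 1; i <= n; i++) keep[want[i]] = 1 }
        # Skip the header line; fields are: program vers proto port service.
        NR > 1 && ($5 in keep) && !seen[$3 "/" $4]++ {
            printf "pass in quick proto %s from %s to any port = %s keep state\n",
                   $3, src, $4
        }'
}

# Number of rules generated from the sample for the given services.
count_rules() {
    printf '%s\n' "$RPCINFO_SAMPLE" | rpc_ipf_rules "$1" "$2" | wc -l | tr -d ' '
}

# Example run: rules for the three auxiliary daemons, clients on 10.0.0.0/24.
printf '%s\n' "$RPCINFO_SAMPLE" | rpc_ipf_rules mountd,status,nlockmgr 10.0.0.0/24
```

Pipe the real `rpcinfo -p` output into `rpc_ipf_rules` and append the result to your IPFilter rule file whenever the auxiliary daemons are restarted, since their dynamic ports can change.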