From owner-freebsd-stable Sat Oct 21 11:22:27 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from math.uic.edu (galois.math.uic.edu [131.193.178.114]) by hub.freebsd.org (Postfix) with SMTP id 2988837B4C5 for ; Sat, 21 Oct 2000 11:22:26 -0700 (PDT)
Received: (qmail 21356 invoked by uid 31415); 21 Oct 2000 18:22:40 -0000
Date: 21 Oct 2000 18:22:40 -0000
Message-ID: <20001021182240.21355.qmail@math.uic.edu>
From: vladimir@math.uic.edu
To: freebsd-stable@freebsd.org
Subject: ipfw advice needed
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Dear -STABLE users,

I am trying to set up ipfw rules to protect some of our crucial machines, including a file server. The system is 4.1.1-STABLE. So far I've been using access lists on the router, but would like to get some extra security on the machine itself.

One thing got me confused: there are a couple of daemons that are listening on ports not listed in /etc/services. For example (lsof output):

    ypserv    126 root 5u IPv4 0xcefe2d80 0t0 TCP *:1023 (LISTEN)
    ypbind    128 root 5u IPv4 0xcefe2b60 0t0 TCP *:1022 (LISTEN)
    mountd    135 root 4u IPv4 0xcefe2940 0t0 TCP *:1021 (LISTEN)
    nfsd      137 root 3u IPv4 0xcefe2720 0t0 TCP *:nfsd (LISTEN)
    rpc.lockd 161 root 4u IPv4 0xce898900 0t0 UDP *:lockd
    rpc.lockd 161 root 5u IPv4 0xcefe2500 0t0 TCP *:lockd (LISTEN)
    rpc.lockd 161 root 9u IPv4 0xce89a6c0 0t0 UDP *:855
    rpc.statd 163 root 3u IPv4 0xce898840 0t0 UDP *:990
    rpc.statd 163 root 4u IPv4 0xcefe22e0 0t0 TCP *:1020 (LISTEN)

ypbind listens on port 1022, mountd on tcp port 1021, ypserv on tcp port 1023, statd on port 1020. What do I do with those? Are these ports officially assigned or are they arbitrarily selected by these daemons when they start and register with the portmapper? Is there a range of TCP ports that I should keep open for incoming connections for these services to operate properly?

Any hints would be appreciated. Thank you!

Vladimir
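
An added example, not part of the original message: a small Python inventory of the lsof listing quoted above, separating listeners whose port lsof printed by service name from those it printed as a bare number (no /etc/services entry). It assumes lsof was run without `-P`; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the lsof lines quoted in the message above.
SAMPLE_LSOF = """\
ypserv    126 root 5u IPv4 0xcefe2d80 0t0 TCP *:1023 (LISTEN)
ypbind    128 root 5u IPv4 0xcefe2b60 0t0 TCP *:1022 (LISTEN)
mountd    135 root 4u IPv4 0xcefe2940 0t0 TCP *:1021 (LISTEN)
nfsd      137 root 3u IPv4 0xcefe2720 0t0 TCP *:nfsd (LISTEN)
rpc.lockd 161 root 4u IPv4 0xce898900 0t0 UDP *:lockd
rpc.lockd 161 root 5u IPv4 0xcefe2500 0t0 TCP *:lockd (LISTEN)
rpc.lockd 161 root 9u IPv4 0xce89a6c0 0t0 UDP *:855
rpc.statd 163 root 3u IPv4 0xce898840 0t0 UDP *:990
rpc.statd 163 root 4u IPv4 0xcefe22e0 0t0 TCP *:1020 (LISTEN)
"""

# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
LINE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+\S+:(?P<port>[^\s:]+)(?:\s+\((?P<state>\w+)\))?\s*$"
)

def parse_listeners(text):
    """Return sockets that accept inbound traffic: TCP in LISTEN, unconnected UDP."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or "->" in raw:          # skip headers and connected sockets
            continue
        if m["proto"] == "TCP" and m["state"] != "LISTEN":
            continue
        found.append((m["cmd"], int(m["pid"]), m["proto"], m["port"]))
    return found

def split_by_service_name(listeners):
    """Group by daemon: ports printed by name vs. bare numbers."""
    named, unnamed = defaultdict(list), defaultdict(list)
    for cmd, _pid, proto, port in listeners:
        if port.isdigit():
            unnamed[cmd].append((proto, int(port)))
        else:
            named[cmd].append((proto, port))
    return ({k: sorted(v) for k, v in named.items()},
            {k: sorted(v) for k, v in unnamed.items()})

if __name__ == "__main__":
    named, unnamed = split_by_service_name(parse_listeners(SAMPLE_LSOF))
    for cmd, ports in sorted(unnamed.items()):
        print(f"{cmd:10s} not in services: {ports}")
```

Comparing the unnamed set with `rpcinfo -p` output shows which of those ports are registered with the portmapper.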