Date: Tue, 2 Aug 2005 20:38:53 GMT
From: Richard Bejtlich <taosecurity@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bin/84494: rpcbind TCP cannot be told to bind to a specific IP
Message-ID: <200508022038.j72KcrVX046591@www.freebsd.org>
Resent-Message-ID: <200508022040.j72Ke9Wj078610@freefall.freebsd.org>

>Number:         84494
>Category:       bin
>Synopsis:       rpcbind TCP cannot be told to bind to a specific IP
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 02 20:40:08 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Richard Bejtlich
>Release:        5.4
>Organization:
TaoSecurity
>Environment:
FreeBSD janney.taosecurity.com 5.4-RELEASE FreeBSD 5.4-RELEASE #1: Wed Jun 22 15:28:12 EDT 2005 root@janney.taosecurity.com:/usr/obj/usr/src/sys/JANNEY i386
>Description:
One cannot tell rpcbind(8) to listen on a specific IP address for TCP requests. This functionality only exists for UDP requests, per the man page:

     -h      Specify specific IP addresses to bind to for UDP requests.
             This option may be specified multiple times and is typically
             necessary when running on a multi-homed host.
>How-To-Repeat:
grep rpcbind /etc/rc.conf
rpcbind_enable="YES"
rpcbind_flags="-h 192.168.3.7"

/etc/rc.d/rpcbind start
Starting rpcbind.

sockstat -4 | grep rpcbind
root     rpcbind    82389 10 udp4   127.0.0.1:111         *:*
root     rpcbind    82389 11 udp4   192.168.3.7:111       *:*
root     rpcbind    82389 12 udp4   *:1010                *:*
root     rpcbind    82389 13 tcp4   *:111                 *:*
>Fix:
Please modify rpcbind(8) so it can bind to a specific IP for TCP and UDP requests. The alternative, using a firewall to limit access, seems excessive!

Thank you.
>Release-Note:
>Audit-Trail:
>Unformatted:
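
Added example (not part of the original report): a shell check that reads `sockstat -4` output and reports any socket of a given daemon bound to the wildcard address or to an address outside an allowed list, which is the condition the report shows for rpcbind's tcp4 socket. The function names check_binds and sample_sockstat are hypothetical, and the allowed-address list is an assumption supplied by the operator.

```shell
#!/bin/sh
# Added example, not code from the report or from FreeBSD.
# Audits `sockstat -4` lines: USER COMMAND PID FD PROTO LOCAL FOREIGN

# Sample input: the four sockstat lines quoted in the report.
sample_sockstat() {
cat <<'EOF'
root     rpcbind    82389 10 udp4   127.0.0.1:111         *:*
root     rpcbind    82389 11 udp4   192.168.3.7:111       *:*
root     rpcbind    82389 12 udp4   *:1010                *:*
root     rpcbind    82389 13 tcp4   *:111                 *:*
EOF
}

# check_binds COMMAND ALLOWED_ADDR...
# Reads sockstat output on stdin. For every socket owned by COMMAND prints
#   OK | WILDCARD | UNEXPECTED   PROTO   ADDR:PORT
# and returns non-zero if any socket is not bound to an allowed address.
check_binds() {
    cmd=$1; shift
    awk -v cmd="$cmd" -v allowed="$*" '
        BEGIN {
            # Build a lookup table from the space-separated allowed list.
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        $2 == cmd {
            addr = $6; sub(/:[^:]*$/, "", addr)   # strip trailing ":PORT"
            port = $6; sub(/^.*:/, "", port)      # keep only the port
            if (addr == "*")      { verdict = "WILDCARD";   bad++ }
            else if (addr in ok)  { verdict = "OK" }
            else                  { verdict = "UNEXPECTED"; bad++ }
            print verdict, $5, addr ":" port
        }
        END { exit (bad > 0) }'
}

# On a live FreeBSD host (addresses taken from the rc.conf in the report):
#   sockstat -4 | check_binds rpcbind 127.0.0.1 192.168.3.7
```

Against the report's output this flags both the tcp4 listener on port 111 and the udp4 socket on port 1010, since neither is restricted by -h.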