From owner-freebsd-bugs@FreeBSD.ORG Tue Aug 2 20:40:09 2005
Message-Id: <200508022038.j72KcrVX046591@www.freebsd.org>
Date: Tue, 2 Aug 2005 20:38:53 GMT
From: Richard Bejtlich
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: bin/84494: rpcbind TCP cannot be told to bind to a specific IP

>Number:         84494
>Category:       bin
>Synopsis:       rpcbind TCP cannot be told to bind to a specific IP
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 02 20:40:08 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Richard Bejtlich
>Release:        5.4
>Organization:
TaoSecurity
>Environment:
FreeBSD janney.taosecurity.com 5.4-RELEASE FreeBSD 5.4-RELEASE #1: Wed Jun 22 15:28:12 EDT 2005 root@janney.taosecurity.com:/usr/obj/usr/src/sys/JANNEY i386
>Description:
One cannot tell rpcbind(8) to listen on a specific IP address for TCP requests. This functionality only exists for UDP requests, per the man page:

     -h      Specify specific IP addresses to bind to for UDP requests.
             This option may be specified multiple times and is typically
             necessary when running on a multi-homed host.

>How-To-Repeat:
grep rpcbind /etc/rc.conf
rpcbind_enable="YES"
rpcbind_flags="-h 192.168.3.7"

/etc/rc.d/rpcbind start
Starting rpcbind.

sockstat -4 | grep rpcbind
root     rpcbind    82389 10 udp4   127.0.0.1:111         *:*
root     rpcbind    82389 11 udp4   192.168.3.7:111       *:*
root     rpcbind    82389 12 udp4   *:1010                *:*
root     rpcbind    82389 13 tcp4   *:111                 *:*
>Fix:
Please modify rpcbind(8) so it can bind to a specific IP for TCP and UDP requests. The alternative, using a firewall to limit access, seems excessive! Thank you.
>Release-Note:
>Audit-Trail:
>Unformatted:
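
Added example, not part of the original report: a shell check that reads `sockstat -4` output in the column layout shown under How-To-Repeat and lists every rpcbind socket still bound to the wildcard address, optionally limited to one port. The function names `sample_sockstat` and `wildcard_rpcbind` are hypothetical, and the sample input is constructed from the four lines quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report): audit rpcbind listeners for wildcard binds.
# Assumed column layout, as in the report's sockstat output:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample input: the sockstat lines quoted in the report.
sample_sockstat() {
cat <<'EOF'
root     rpcbind    82389 10 udp4   127.0.0.1:111         *:*
root     rpcbind    82389 11 udp4   192.168.3.7:111       *:*
root     rpcbind    82389 12 udp4   *:1010                *:*
root     rpcbind    82389 13 tcp4   *:111                 *:*
EOF
}

# wildcard_rpcbind [PORT]
# Reads sockstat lines on stdin and prints "PROTO PORT" for each rpcbind
# socket whose local address is "*". With PORT given, only that port is
# reported. The sockstat header line is skipped because its COMMAND
# column is not "rpcbind".
wildcard_rpcbind() {
    awk -v want="${1:-}" '
        $2 == "rpcbind" && $6 ~ /^\*:/ {
            port = $6
            sub(/^\*:/, "", port)          # strip the "*:" prefix, keep the port
            if (want == "" || port == want)
                print $5, port
        }
    '
}

# Run against the constructed sample. On a live host the equivalent is:
#   sockstat -4 | wildcard_rpcbind 111
sample_sockstat | wildcard_rpcbind 111
```

On the report's data this shows that with `-h 192.168.3.7` the UDP port 111 sockets are address-specific while TCP port 111 is still reported as a wildcard bind.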