Date:      Sat, 19 Feb 2011 16:47:32 -0800
From:      Chuck Swiger <cswiger@mac.com>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: statd/lockd startup failure
Message-ID:  <8AB6976A-610D-46B1-BAE8-2BBDC70BBAE6@mac.com>
In-Reply-To: <931979672.138955.1298150177898.JavaMail.root@erie.cs.uoguelph.ca>
References:  <931979672.138955.1298150177898.JavaMail.root@erie.cs.uoguelph.ca>

Hi--

On Feb 19, 2011, at 1:16 PM, Rick Macklem wrote:
> Well, that was what I was proposing. I could be wrong, but as far as I
> know, this is allowed by Sun RPC. The port#s are assigned dynamically and
> registered with rpcbind. (I don't necessarily agree with the design, but
> this was/is how Sun RPC does it. The philosophy was/is that apps. don't know
> what port# is being used and shouldn't care. If sysadmins want to use a
> fixed port#, they can use command line options to override the default
> dynamic assignment. And, yes, this is one reason that Sun RPC is a pita
> w.r.t. firewalls. 1980s design...)

Trying to force SunRPC and old NFS through fixed ports in order to pass through a firewall sounds like a lot more work, and weakens the security of a firewall to such a significant extent that I have to wonder if it is the right problem to solve.  :-)

Why not set up a VPN via OpenVPN/IPSec/ssh+ppp/etc...?

Regards,
-- 
-Chuck



