Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: TCP/UDP port range for default AIX NFS?
Operating Systems AIX TCP/UDP port range for default AIX NFS? Post 302512640 by famasutika on Monday 11th of April 2011 06:12:04 AM
Old 04-11-2011
Quote:
Originally Posted by ram1729
Can you provide me the nfs reserved ports value ?

nfso -a | grep nfs_use_reserved_ports

If nfs_use_reserved_ports=0 AIX server uses nonreserved IP port numbers above 1024 when the NFS client communicates with the NFS server.

If nfs_use_reserved_ports=1 AIX server uses nonreserved IP port numbers below 1024
when the NFS client communicates with the NFS server.
From my nfso -a output, my nfs_use_reserved_ports=0.

Is there a way to fix the NFS server/client port range so that we could have NFS setup behind a firewall?

What are the best practice for NFS setup behind a firewall?

My security team was asking whehter NFS client supports keep alive feature, whereby NFS client connection will re-establish a new connection automatically after timed out? Anyway, is there any client session timed out settings on NFS server?
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

TCP/UDP Ports

Just starting to work with unix, wondering if there is any good on-line documentation explaining TCP/UDP ports, how to use them, etc... Thanks.... (1 Reply)
Discussion started by: eugene_mayo
1 Replies

2. IP Networking

TCP/UDP Ports

Just wondering if anyone knows of any good on-line documentation on TCP/UDP Ports. Basically i want to know how to check if they are in use, learn how to close them, etc... Thanks... (5 Replies)
Discussion started by: eugene_mayo
5 Replies

3. UNIX for Advanced & Expert Users

3600 tcp/udp, trap-daemon, text relay-answer

3600 tcp/udp, trap-daemon, text relay-answer Does anyone know what this service is responsible for, or how significant it is? Thanks.....James (1 Reply)
Discussion started by: cassj
1 Replies

4. UNIX for Dummies Questions & Answers

How to check the TCP/UDP port of a connection

Hi, Users are connecting thru a KCML Client to UNIX machine, and I want to know which TCP/UDP port that client uses? How can I check the port of a user logged in? Regards, Tayyab (2 Replies)
Discussion started by: tayyabq8
2 Replies

5. AIX

TCP port 70000 on AIX 6.1? (Surely higher than allowed maximum?)

Looking at /etc/services on AIX 6.1, I noticed some bizarre port numbers which exceed the 16-bit maximum port number for TCP (i.e. they are higher than 65535.) sco_printer 70000/tcp sco_spooler # For System V print IPC sco_s5_port 70001/tcp lpNet_s5_port ... (5 Replies)
Discussion started by: garethr
5 Replies

6. UNIX for Advanced & Expert Users

bind 9 forwarders: use UDP or TCP?

I use forwarders for a subzone, but TCP 53 is blocked, So does forwarders really need TCP? If forwaders use UDP, I can't get following scenario to work: main zone is master, but subzone is forwad. Is it possible? (On name sever itself, resolution of xx.stub.abc.com worked fine.) #sub zone... (2 Replies)
Discussion started by: honglus
2 Replies

7. Infrastructure Monitoring

UDP Port 161

hi guys My linux server have SNMP configure port by default is 161 (UDP) now my monitor team - who are using Nagios - say the server are not being monitor so check netstat -lnu and I see all is OK and snmp service is running fine what else should I check about this port 161? to see if it is... (0 Replies)
Discussion started by: karlochacon
0 Replies

8. Shell Programming and Scripting

How to check UDP port example = 31011?

We have open port UDP port 31011, how to verify if port were working or traffic were receive. (2 Replies)
Discussion started by: avtalan
2 Replies

9. IP Networking

Tcp ip port open but no such process (merged: Release A Port)

i want to kill a tcp connection by killing its pid with netstat -an i got the tcp ip connection on port 5914 but when i type ps -a or ps-e there is not such process running on port 5914 is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies

10. UNIX for Beginners Questions & Answers

Bash script, find the next closed (not in use) port from some port range.

hi, i would like to create a bash script that check which port in my Linux server are closed (not in use) from a specific range, port range (3000-3010). the print output need to be only 1 port, and it will be nice if the output will be saved as a variable or in same file. my code is: ... (2 Replies)
Discussion started by: yossi
2 Replies

LEARN ABOUT HPUX

nfssec

nfssec(5)							File Formats Manual							 nfssec(5)

NAME

       nfssec - overview of NFS security modes

DESCRIPTION

       The  mount_nfs(1M)  and	share_nfs(1M) commands each provide a way to specify the security mode to be used on an NFS filesystem through the
       option.	mode can be either or These security modes may also be added to the automount maps.  Note that mount_nfs(1M) and automount(1M)	do
       not support at this time.

       The  option  on	the share_nfs(1M) command line establishes the security mode of NFS servers.  If the NFS connection uses the NFS Version 3
       protocol, the NFS clients must query the server for the appropriate mode to use.  If the NFS connection uses the NFS  Version  2  protocol,
       then  the NFS client uses the default security mode, which is currently NFS clients may force the use of a specific security mode by speci-
       fying the option on the command line.  However, if the filesystem on the server is not shared with that security mode, the  client  may	be
       denied access.

       If  the	NFS client wants to authenticate the NFS server using a particular (stronger) security mode, the client wants to specify the secu-
       rity mode to be used, even if the connection uses the NFS Version 3 protocol.  This guarantees that an attacker masquerading as the  server
       does not compromise the client.

       The  NFS security modes are described below.  Of these, the modes use the Kerberos V5 protocol for authenticating and protecting the shared
       filesystems.  Before these can be used, the system must be configured to be part of a Kerberos realm.

       Use	 authentication.  The user's UNIX user-id and group-ids are passed in the clear on the network, unauthenticated by the NFS  server
		 .  This is the simplest security method and requires no additional administration.  It is the default used by HP-UX NFS Version 2
		 clients and HP-UX NFS servers.

       Use a Diffie-Hellman public key system
		 which is referred to as in the forthcoming Internet RFC).

       Use Kerberos V5 protocol to authenticate users before granting access
		 to the shared filesystem.

       Use Kerberos V5 authentication with integrity checking (checksums) to
		 verify that the data has not been tampered with.

       User Kerberos V5 authentication, integrity checksums, and privacy protection
		 (encryption) on the shared filesystem.  This provides the most secure filesystem sharing, as all traffic is encrypted.  It should
		 be  noted  that  performance  might  suffer on some systems when using depending on the computational intensity of the encryption
		 algorithm and the amount of data being transferred.

       Use null authentication
		 NFS clients using have no identity and are mapped to the anonymous user by NFS servers.  A client using  a  security  mode  other
		 than the one with which an HP-UX NFS server shares the filesystem has its security mode mapped to In this case, if the filesystem
		 is shared with users from the client are mapped to the anonymous user.

WARNINGS

       lists the NFS security services.  Do not edit this file.  It is not intended to be user-configurable.

FILES

       NFS security service configuration file

SEE ALSO

       automount(1M), mount_nfs(1M), share_nfs(1M), rpc_clnt_auth(3N), secure_rpc(3N), nfssec.conf(4).

																	 nfssec(5)
All times are GMT -4. The time now is 06:46 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy