TCP/UDP port range for default AIX NFS? | Unix Linux Forums | AIX

  Go Back    


AIX AIX is IBM's industry-leading UNIX operating system that meets the demands of applications that businesses rely upon in today's marketplace.

TCP/UDP port range for default AIX NFS?

AIX


Tags
aix, unix

Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 04-07-2011
famasutika's Avatar
famasutika famasutika is offline
Registered User
 
Join Date: Jun 2010
Last Activity: 20 June 2013, 1:44 AM EDT
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Question TCP/UDP port range for default AIX NFS?

May I know what is the TCP/UCP port range for any default AIX NFS? Based on rpcinfo -p, I got the following output:

program vers proto port service
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
200006 1 udp 2049
200006 4 udp 2049
200006 1 tcp 2049
200006 4 tcp 2049
100005 1 tcp 32769 mountd
100005 2 tcp 32769 mountd
100005 3 tcp 32769 mountd
100005 1 udp 32793 mountd
100005 2 udp 32793 mountd
100005 3 udp 32793 mountd
400005 1 udp 32794
100024 1 tcp 32770 status
100024 1 udp 32795 status
100133 1 tcp 32770
100133 1 udp 32795
200001 1 tcp 32770
200001 1 udp 32795
200001 2 tcp 32770
200001 2 udp 32795
100021 1 udp 32820 nlockmgr
100021 2 udp 32820 nlockmgr
100021 3 udp 32820 nlockmgr
100021 4 udp 32820 nlockmgr
100021 1 tcp 32771 nlockmgr
100021 2 tcp 32771 nlockmgr
100021 3 tcp 32771 nlockmgr
100021 4 tcp 32771 nlockmgr
200012 2 udp 702
200012 3 udp 703

I didn't see any NFS port range in /etc/environment. In order to setup NFS behind a firewall, what are the ports/port range we should open?

Thanks.
Sponsored Links
    #2  
Old 04-08-2011
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
 
Join Date: May 2005
Last Activity: 18 September 2014, 3:36 PM EDT
Location: In the leftmost byte of /dev/kmem
Posts: 4,249
Thanks: 45
Thanked 816 Times in 643 Posts
You might want to consult this post.

I hope this helps.

bakunin
Sponsored Links
    #3  
Old 04-08-2011
ram1729 ram1729 is offline
Registered User
 
Join Date: May 2008
Last Activity: 11 September 2014, 6:04 AM EDT
Posts: 16
Thanks: 0
Thanked 1 Time in 1 Post
Can you provide me the nfs reserved ports value ?

nfso -a | grep nfs_use_reserved_ports

If nfs_use_reserved_ports=0 AIX server uses nonreserved IP port numbers above 1024 when the NFS client communicates with the NFS server.

If nfs_use_reserved_ports=1 AIX server uses nonreserved IP port numbers below 1024
when the NFS client communicates with the NFS server.
    #4  
Old 04-11-2011
famasutika's Avatar
famasutika famasutika is offline
Registered User
 
Join Date: Jun 2010
Last Activity: 20 June 2013, 1:44 AM EDT
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by ram1729 View Post
Can you provide me the nfs reserved ports value ?

nfso -a | grep nfs_use_reserved_ports

If nfs_use_reserved_ports=0 AIX server uses nonreserved IP port numbers above 1024 when the NFS client communicates with the NFS server.

If nfs_use_reserved_ports=1 AIX server uses nonreserved IP port numbers below 1024
when the NFS client communicates with the NFS server.
From my nfso -a output, my nfs_use_reserved_ports=0.

Is there a way to fix the NFS server/client port range so that we could have NFS setup behind a firewall?

What are the best practice for NFS setup behind a firewall?

My security team was asking whehter NFS client supports keep alive feature, whereby NFS client connection will re-establish a new connection automatically after timed out? Anyway, is there any client session timed out settings on NFS server?
Sponsored Links
    #5  
Old 04-11-2011
bakunin bakunin is offline Forum Staff  
Bughunter Extraordinaire
 
Join Date: May 2005
Last Activity: 18 September 2014, 3:36 PM EDT
Location: In the leftmost byte of /dev/kmem
Posts: 4,249
Thanks: 45
Thanked 816 Times in 643 Posts
Quote:
Originally Posted by famasutika View Post
Is there a way to fix the NFS server/client port range so that we could have NFS setup behind a firewall?

What are the best practice for NFS setup behind a firewall?
As i have said in the post i linked for you: there is probably no such way. The best practice is to use some other protocol/means for file sharing.

What is the point of using a firewall between two hosts when you share diskspace between them?

I hope this helps.

bakunin
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
print range between two patterns if it contains a pattern within the range joyan321 Shell Programming and Scripting 2 06-18-2009 05:27 PM



All times are GMT -4. The time now is 11:47 PM.