Understanding the Portmapper
Most TCP/IP servers work by attaching themselves to a port whose number is set by convention. For instance, Simple Mail Transfer Protocol (SMTP) servers bind themselves to port 25, and Hypertext Transfer Protocol (HTTP, aka Web) servers use port 80. These servers can usually be told to use nonstandard ports, but most use the conventional port numbers so that clients can connect to them without having to be configured for a nonstandard port. NFS, though, belongs to a class of protocols that works slightly differently: it relies on what's known as the portmapper, a utility that binds to a fixed port (111), keeps track of the ports that the individual servers are listening on, and tells clients which port to use. (The NFS server itself generally uses UDP port 2049, and NFSv3 may also use TCP port 2049, but the helper services NFS depends on, such as the mount daemon, are assigned their ports dynamically and are located through the portmapper.) This whole scheme is part of the Remote Procedure Call (RPC) mechanism, of which NFS is one example; the portmapper's job is to handle RPC services.

The portmapper is implemented in a program called portmap. This program is normally started as part of your network startup script, or in a startup script of its own. Although it doesn't normally operate via a super server like inetd, recent versions of the portmapper can use TCP Wrappers. You can substantially improve your NFS server's security by blocking access to the portmapper except from computers that should be allowed to use it. The following line placed in /etc/hosts.deny will restrict portmapper access:

portmap : ALL

You can then loosen access to the portmapper by entering the IP addresses of the computers or networks that should have access to NFS and other RPC services into /etc/hosts.allow:

portmap : 192.168.1.

TCP Wrappers consults /etc/hosts.allow first and /etc/hosts.deny second, and a client that matches neither file is granted access, so the catch-all line in /etc/hosts.deny is what actually closes the door. The trailing dot in 192.168.1. makes the pattern match every address that begins with 192.168.1., that is, the whole 192.168.1.0/24 network; without the dot, the pattern would match nothing useful. Keep in mind that these rules protect only the portmapper itself: a client that already knows the port of an RPC service, such as NFS on port 2049, can still contact that service directly, so the portmapper rules complement, rather than replace, a packet filter and a restrictive list of exported directories.
NOTE

Chapter 4 includes a discussion of TCP Wrappers configuration, including the allowable forms of client specifications. You shouldn't specify clients by hostname in the case of the portmapper, though, because matching a hostname requires a reverse lookup of the client's address, and that lookup can itself go through RPC (for example, when names are resolved via NIS). The lookup then needs the portmapper, which is busy servicing the very request that triggered the lookup, which causes another lookup, and so on. This sort of infinite loop will, of course, get you nowhere while consuming lots of CPU time. Instead of using hostnames, use IP addresses or IP address fragments.
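The following script is an added example, not code from the book: it evaluates TCP Wrappers-style hosts.allow and hosts.deny rules for the portmap daemon so you can see how the two lines recommended above behave for different clients, and why the catch-all deny line matters. The rule files are constructed in a temporary directory (the real ones are /etc/hosts.allow and /etc/hosts.deny), and the matcher is a deliberate simplification of TCP Wrappers: it understands ALL, trailing-dot address prefixes, net/mask pairs and literal addresses, never resolves hostnames (for the reason given in the NOTE), and does not implement EXCEPT.

```shell
#!/bin/sh
# Added example (not from the book): a small evaluator for TCP Wrappers-style
# hosts.allow / hosts.deny rules applied to the portmap daemon. Rule files are
# constructed below in a temporary directory; real ones live in /etc.
# Simplifications: ALL, trailing-dot prefixes, net/mask pairs and literal
# addresses are matched; EXCEPT is not; hostname patterns are never resolved.

WRAP_DIR=$(mktemp -d)

# Constructed hosts.allow: the line from the text plus a second network in
# net/mask form.
cat > "$WRAP_DIR/hosts.allow" <<'EOF'
# clients that may talk to the portmapper
portmap : 192.168.1.
portmap : 10.0.0.0/255.255.255.0
EOF

# Constructed hosts.deny with the recommended catch-all line.
cat > "$WRAP_DIR/hosts.deny" <<'EOF'
portmap : ALL
EOF

# Constructed hosts.deny that forgot the catch-all, to show the pitfall.
: > "$WRAP_DIR/hosts.deny.empty"

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# pattern_matches PATTERN CLIENT_IP -> success if PATTERN covers CLIENT_IP
pattern_matches() {
    case "$1" in
        ALL) return 0 ;;
        *.)                          # "192.168.1." covers 192.168.1.0-255 only
            case "$2" in "$1"*) return 0 ;; esac ; return 1 ;;
        .*) return 1 ;;              # ".example.com" needs a reverse lookup: refused
        */*)                         # "net/mask"
            _net=${1%/*}; _mask=${1#*/}
            [ $(( $(ip_to_int "$2") & $(ip_to_int "$_mask") )) -eq \
              $(( $(ip_to_int "$_net") & $(ip_to_int "$_mask") )) ] && return 0
            return 1 ;;
        *)  [ "$1" = "$2" ] && return 0 ; return 1 ;;
    esac
}

# rule_file_matches FILE DAEMON CLIENT_IP -> success if some rule in FILE matches
rule_file_matches() {
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}                  # drop comments
        case "$_line" in *:*) ;; *) continue ;; esac
        _daemons=${_line%%:*}
        _clients=${_line#*:}
        _clients=${_clients%%:*}            # ignore an optional shell-command field
        _hit=1
        for _d in $(echo "$_daemons" | tr ',' ' '); do
            case "$_d" in ALL|"$2") _hit=0 ;; esac
        done
        [ "$_hit" -eq 0 ] || continue
        for _c in $(echo "$_clients" | tr ',' ' '); do
            pattern_matches "$_c" "$3" && return 0
        done
    done < "$1"
    return 1
}

# wrappers_decision ALLOW_FILE DENY_FILE DAEMON CLIENT_IP -> prints ALLOW or DENY.
# TCP Wrappers order: a match in hosts.allow grants, then a match in hosts.deny
# refuses, and a client matching neither file is GRANTED. That default is why
# the "portmap : ALL" line in hosts.deny matters.
wrappers_decision() {
    if rule_file_matches "$1" "$3" "$4"; then
        echo ALLOW
    elif rule_file_matches "$2" "$3" "$4"; then
        echo DENY
    else
        echo ALLOW
    fi
}

# Convenience wrappers over the constructed files.
portmap_with_deny()    { wrappers_decision "$WRAP_DIR/hosts.allow" "$WRAP_DIR/hosts.deny" portmap "$1"; }
portmap_without_deny() { wrappers_decision "$WRAP_DIR/hosts.allow" "$WRAP_DIR/hosts.deny.empty" portmap "$1"; }

for _ip in 192.168.1.20 10.0.0.9 192.168.10.5 203.0.113.7; do
    printf '%-14s with catch-all: %-5s  without: %s\n' \
        "$_ip" "$(portmap_with_deny "$_ip")" "$(portmap_without_deny "$_ip")"
done
```

Two results are worth noting. 192.168.10.5 is refused even though it begins with the digits 192.168.1, because the trailing dot makes the pattern an octet boundary, not a string prefix. And 203.0.113.7 is refused only when the catch-all line is present in hosts.deny; with an empty hosts.deny the same client is allowed, which is the default TCP Wrappers behaviour for a client that matches neither file.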
Starting the portmapper isn't enough to serve files via NFS. In addition to defining the directories you want to share (as described in the next section, "Serving Files with NFS"), you must start the NFS server itself. This is normally done by a SysV startup script called nfs or something similar. Some distributions require you to start two or more SysV startup scripts (in addition to the portmapper) to get NFS working. These scripts will probably run automatically when you boot after installing the NFS server package. If you change your configuration, you may need to call the NFS SysV startup script with the restart option, as in /etc/rc.d/init.d/nfs restart. You can confirm that the portmapper is running and that the NFS-related RPC services have registered with it by running rpcinfo -p on the server; the output lists each registered RPC program together with the protocol and port it is using.