
RPC and RPC Portmap Services

The Remote Procedure Call (RPC) ALG uses well-known ports TCP 111 and UDP 111 for port mapping, which dynamically assigns and opens ports for RPC services. The RPC Portmap ALG keeps track of port requests and dynamically opens the firewall for these requested ports. The RPC ALG can further restrict the RPC protocol by specifying allowed program numbers.

The ALG includes the RPC services listed in Table 13:

Table 13: Supported RPC Services

| Name | Description | Comments |
|------|-------------|----------|
| rpc-mountd | Network File Server (NFS) mount daemon; for details, see the UNIX man page for rpc.mountd(8). | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). |
| rpc-nfsprog | Used as part of NFS. For details, see RFC 1094. See also RFC 1813 for NFS v3. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). |
| rpc-nisplus | Network Information Service Plus (NIS+), designed to replace NIS; it is a default naming service for Sun Solaris and is not related to the old NIS. No protocol information is available. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). |
| rpc-nlockmgr | Network lock manager. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-nlockmgr service can be allowed or blocked based on RPC program 100021. |
| rpc-pcnfsd | Kernel statistics server. For details, see the UNIX man pages for rstatd and rpc.rstatd. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-rstat service can be allowed or blocked based on RPC program 150001. |
| rpc-rwall | Used to write a message to users; for details, see the UNIX man page for rpc.rwalld. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-rwall service can be allowed or blocked based on RPC program 150008. |
| rpc-ypbind | NIS binding process. For details, see the UNIX man page for ypbind. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-ypbind service can be allowed or blocked based on RPC program 100007. |
| rpc-yppasswd | NIS password server. For details, see the UNIX man page for yppasswd. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-yppasswd service can be allowed or blocked based on RPC program 100009. |
| rpc-ypserv | NIS server. For details, see the UNIX man page for ypserv. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-ypserv service can be allowed or blocked based on RPC program 100004. |
| rpc-ypupdated | Network updating tool. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-ypupdated service can be allowed or blocked based on RPC program 100028. |
| rpc-ypxfrd | NIS map transfer server. For details, see the UNIX man page for rpc.ypxfrd. | The base support is RPC v2 and the port mapper service on port 111 (see RFC 1050). Once the RPC program table is built, rpc-ypxfrd service can be allowed or blocked based on RPC program 100069. |

Support for stateful firewall and NAT services that use port mapping requires that you configure the RPC portmap ALG on TCP/UDP destination port 111 and the RPC ALG for both TCP and UDP. You can specify one or more rpc-program-number values to further restrict allowed RPC protocols.
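
To illustrate what the port tracking and program-number restriction described above involve on the wire, the following is an added example (not Juniper's implementation and not code from this page): a small Python model that parses RPC v2 portmapper GETPORT calls and replies carried over UDP, tracks only requests for allowed program numbers, and records the port each accepted reply would open. The class and function names, the sample packets, and the port values are constructed for illustration; TCP record marking is not handled.

```python
import struct
PMAP_PROG, PMAP_GETPORT = 100000, 3   # portmapper program and GETPORT procedure

class PortmapTracker:
    """Hypothetical model of portmap tracking with a program-number allowlist."""
    def __init__(self, allowed_programs):
        self.allowed = set(allowed_programs)
        self.pending = {}      # xid -> (program, ip protocol) awaiting a reply
        self.pinholes = set()  # (program, ip protocol, port) opened dynamically

    def on_call(self, pkt):
        """Inspect a client datagram to port 111; True if the request is tracked."""
        try:
            xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", pkt, 0)
            if (mtype, rpcvers, prog, proc) != (0, 2, PMAP_PROG, PMAP_GETPORT):
                return False
            off = 24
            for _ in range(2):  # skip credential and verifier: flavor, length, body
                (length,) = struct.unpack_from(">I", pkt, off + 4)
                off += 8 + ((length + 3) & ~3)
            want_prog, _want_vers, prot, _port = struct.unpack_from(">4I", pkt, off)
        except struct.error:
            return False        # truncated or malformed: never track it
        if want_prog not in self.allowed:
            return False        # untracked, so its reply cannot open a port
        self.pending[xid] = (want_prog, prot)
        return True

    def on_reply(self, pkt):
        """Inspect a server reply; return the port opened, or None."""
        try:
            xid, mtype, reply_stat, _flavor, vlen = struct.unpack_from(">5I", pkt, 0)
            accept_stat, port = struct.unpack_from(">2I", pkt, 20 + ((vlen + 3) & ~3))
        except struct.error:
            return None
        if mtype != 1 or reply_stat != 0 or xid not in self.pending:
            return None
        prog, prot = self.pending.pop(xid)
        if accept_stat != 0 or port == 0:   # port 0 means "not registered"
            return None
        self.pinholes.add((prog, prot, port))
        return port

def build_call(xid, prog, prot=17):  # constructed sample: GETPORT call, AUTH_NONE
    return struct.pack(">14I", xid, 0, 2, PMAP_PROG, 2, PMAP_GETPORT,
                       0, 0, 0, 0, prog, 1, prot, 0)
def build_reply(xid, port):          # constructed sample: accepted reply, SUCCESS
    return struct.pack(">7I", xid, 1, 0, 0, 0, 0, port)
```

A pinhole is recorded only when the reply's transaction ID matches a tracked call for an allowed program, so an unsolicited or replayed reply opens nothing.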

