nfs on 17.04
Xen
list at xenhideout.nl
Thu Jun 29 11:56:44 UTC 2017
R Kimber wrote on 29-06-2017 13:45:
> gives:
>
> clnt_create: RPC: Port mapper failure - Timed out
>
> Port 111 is not enabled. Is that the problem? Should I enable it? A bit of
> Googling implies that it's a security risk.

The portmapper has been used to amplify "damage" to other hosts by using
the portmapper daemon as a responder to fake packets directed at a
target host.

In other words your own system is not at risk, but what has happened is
that systems have been used to amplify botnet damage to other systems
(not yours).

You can easily use /etc/hosts.deny to deny traffic to this portmapper to
anything other than your own networks or hosts.

On a Debian 8 system this looks like this:

# cat /etc/hosts.allow
ALL EXCEPT nfsd, rpcbind @<ip address>: ALL

# cat /etc/hosts.deny
ALL: ALL EXCEPT 127. [::1]/128 10. 192.168.

What you see here is that I denied access to everything except local
networks.

Then I allowed access to everything (on this IP) except nfsd and
rpcbind.

So in this example all external hosts have access to everything on this
primary IP except for nfsd and rpcbind, that have been denied by the
hosts.deny file, except for local networks.

An alternative is this:

# hosts.deny:
nfsd, rpcbind: ALL EXCEPT 127. [::1]/128 10. 192.168.

and no hosts.allow.

The nfsd and rpcbind are the names of the required daemons, as you can
see.

My VPS host ran a portscan on me and determined it to be safe.

Regards.
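
Added example (not part of the original message): a small Python evaluator for the subset of hosts_access(5) syntax used above, applied to the hosts.deny-only alternative to show which clients reach which daemon. The client addresses are constructed, the function names are hypothetical, and it assumes rules carry no option field after the client list.

```python
import ipaddress
import re

def host_matches(pattern, addr):
    """Match one client pattern (subset of hosts_access(5)) against an address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("["):              # [ipv6]/prefixlen form
        net, _, plen = pattern.partition("]")
        try:
            network = ipaddress.ip_network(net[1:] + (plen or "/128"), strict=False)
            return ipaddress.ip_address(addr) in network
        except ValueError:
            return False
    if pattern.endswith("."):                # "10." matches on leading fields
        return addr.startswith(pattern)
    return addr == pattern

def list_matches(tokens, item, match):
    """'a EXCEPT b' matches what matches a unless it also matches b."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], item, match)
                and not list_matches(tokens[i + 1:], item, match))
    return any(match(t, item) for t in tokens)

def rule_matches(rule, daemon, addr):
    # Assumption: no option field, so everything after the first ':' is the client list.
    daemons, _, clients = rule.partition(":")
    split = lambda s: re.split(r"[\s,]+", s.strip())
    return (list_matches(split(daemons), daemon, lambda p, d: p in ("ALL", d))
            and list_matches(split(clients), addr, host_matches))

def access_granted(allow, deny, daemon, addr):
    """hosts.allow is checked first, then hosts.deny; no match means access."""
    if any(rule_matches(r, daemon, addr) for r in allow):
        return True
    return not any(rule_matches(r, daemon, addr) for r in deny)

# The hosts.deny-only alternative from the message; there is no hosts.allow.
DENY = ["nfsd, rpcbind: ALL EXCEPT 127. [::1]/128 10. 192.168."]

if __name__ == "__main__":
    # Constructed client addresses (203.0.113.7 is a documentation address).
    for daemon, addr in [("rpcbind", "203.0.113.7"), ("rpcbind", "192.168.1.20"),
                         ("rpcbind", "::1"), ("nfsd", "10.0.0.5"), ("sshd", "203.0.113.7")]:
        verdict = "granted" if access_granted([], DENY, daemon, addr) else "denied"
        print(f"{daemon:8} {addr:15} {verdict}")
```

On a system with the tcpd package installed, `tcpdmatch rpcbind <client address>` answers the same question against the real /etc/hosts.allow and /etc/hosts.deny.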