> Hi--
>
> On Feb 19, 2011, at 1:16 PM, Rick Macklem wrote:
> > Well, that was what I was proposing. I could be wrong, but as far as I
> > know, this is allowed by Sun RPC. The port#s are assigned dynamically and
> > registered with rpcbind. (I don't necessarily agree with the design, but
> > this was/is how Sun RPC does it. The philosophy was/is that apps. don't know
> > what port# is being used and shouldn't care. If sysadmins want to use a
> > fixed port#, they can use command line options to override the default
> > dynamic assignment. And, yes, this is one reason that Sun RPC is a pita
> > w.r.t. firewalls. 1980s design...)
>
> Trying to force SunRPC and old NFS through fixed ports in order to
> pass through a firewall sounds like a lot more work, and weakens the
> security of a firewall to such a significant extent that I have to
> wonder if it is the right problem to solve. :-)
>
> Why not setup a VPN via OpenVPN/IPSec/ssh+ppp/etc...?
>

Well, the discussion was how to fix a problem where the dynamically
assigned port# for one of (udp,tcp X ip6,ip4) wasn't available for the
others. The test patch I posted allowed each of the four to select
different port#s.

The daemons already allow specification of a fixed port# (-p option) for
anyone who wants a fixed port#. (And yes, I see not being able to run this
stuff through a firewall a feature and not a bug.)

rick
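
The port conflict discussed in this message can be reproduced with plain sockets. The following C program is an added illustration, not the test patch from the thread and not FreeBSD daemon code; it covers only IPv4 UDP and TCP, and the names `bind_any` and `demo_port_conflict` are hypothetical.

```c
/* Added illustration (not the patch from this thread): IPv4 UDP/TCP only. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a socket of `type` to the wildcard address; port 0 = kernel picks.
 * Returns the fd and stores the bound port in *bound, or -1 on failure. */
static int bind_any(int type, unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    int fd = socket(AF_INET, type, 0);

    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sin, &len) < 0) {
        close(fd);
        return -1;
    }
    *bound = ntohs(sin.sin_port);
    return fd;
}

/* Returns 1 when reusing one port# for both transports fails while
 * letting each transport pick its own port# succeeds. */
int demo_port_conflict(void)
{
    unsigned short taken = 0, udp_port = 0, tcp_port = 0;
    /* Constructed conflict: something else already holds TCP port `taken`. */
    int blocker = bind_any(SOCK_STREAM, 0, &taken);
    /* The daemon's UDP socket ends up with that same port#. */
    int udp = bind_any(SOCK_DGRAM, taken, &udp_port);
    /* Same port# for TCP: bind() fails, the port is in use. */
    int tcp_same = bind_any(SOCK_STREAM, udp_port, &tcp_port);
    /* Separate dynamic port# for TCP: succeeds with a different number. */
    int tcp_own = bind_any(SOCK_STREAM, 0, &tcp_port);
    int ok = blocker >= 0 && udp >= 0 && tcp_same < 0 && tcp_own >= 0 && tcp_port != udp_port;

    close(blocker); close(udp); close(tcp_same); close(tcp_own);
    return ok;
}

int main(void) { puts(demo_port_conflict() ? "shared port# failed; separate port#s worked" : "unexpected result"); return 0; }
```

Each port# chosen this way still has to be registered with rpcbind per transport, so a firewall rule written for one transport's port# does not cover the others.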