| View previous topic :: View next topic |
| Author |
Message |
dman777
Veteran
Joined: 10 Jan 2007
Posts: 1004
|
 Posted: Wed May 01, 2013 11:04 am Post subject: Too Many Ports Just For NFSv4 and Rsyslog using 8.8.8.8 . |
 |
|
When I run NFsV4, it seems I have alot of unecessary ports listening.
localhost four # netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN 1772/qemu-kvm
tcp 0 0 0.0.0.0:37165 0.0.0.0:* LISTEN 1631/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1614/rpcbind
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:43042 0.0.0.0:* LISTEN -
tcp 0 0 192.168.1.37:39803 74.125.227.221:443 TIME_WAIT -
tcp 0 0 192.168.1.37:43614 74.125.227.201:443 TIME_WAIT -
tcp 0 0 192.168.1.37:51347 74.125.227.214:443 TIME_WAIT -
udp 0 0 0.0.0.0:937 0.0.0.0:* 1614/rpcbind
udp 0 0 127.0.0.1:959 0.0.0.0:* 1631/rpc.statd
udp 0 0 192.168.1.37:42763 8.8.8.8:53 ESTABLISHED 1711/rsyslogd
udp 0 0 0.0.0.0:2049 0.0.0.0:* -
udp 0 0 0.0.0.0:48087 0.0.0.0:* 1631/rpc.statd
udp 0 0 0.0.0.0:48611 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* 1614/rpcbind
udp 0 0 0.0.0.0:514 0.0.0.0:* 1711/rsyslogd
Since I am only usin NFS4 is there any way to shut some of nfs services listening on ports? I know port 2049 should be used but I was under the impression that this was the only one.
Also, why is rsyslogd using google's dns service 8.8.8.8? |
|
| Back to top |
|
 |
consus
n00b
Joined: 27 Aug 2012
Posts: 38
|
| Posted: Mon May 06, 2013 2:52 pm Post subject: |
|
|
Fear not my friend! Use these init scripts:
server (init):
| Code: |
#!/sbin/runscript
extra_started_commands="reload"
nfsd=/usr/sbin/rpc.nfsd
mountd=/usr/sbin/rpc.mountd
exportfs=/usr/sbin/exportfs
depend() {
local myneed
if [ -e /etc/exports ]; then
myneed="$(
awk '!/^[[:space:]]*#/ {
if ($0 ~ /[(][^)]*sec=(krb|spkm)[^)]*[)]/)
svcgssd = "rpc.svcgssd"
}
END { print svcgssd }' /etc/exports
)"
fi
config /etc/exports
need portmap ${myneed} ${NFS_NEEDED_SERVICES}
use ypbind net rpc.rquotad rpc.svcgssd
after quota
}
start() {
_mount_nfsd
_mkdir_nfsdirs
_configure_lockd
if [ "${RC_CMD}" = "start" ]; then
ebegin "Exporting NFS directories"
_exportfs -a
eend $?
fi
if [ "${RC_CMD}" = "restart" ]; then
ebegin "Re-exporting NFS directories"
_exportfs -r
eend $?
fi
ebegin "Starting NFS mountd"
start-stop-daemon --start --exec ${mountd} -- ${OPTS_RPC_MOUNTD}
eend $?
ebegin "Starting NFS daemon"
${nfsd} ${OPTS_RPC_NFSD}
eend $?
}
stop() {
local ret=0
ebegin "Stopping NFS mountd"
start-stop-daemon --stop --exec ${mountd}
eend $? || ret=1
ebegin "Stopping NFS daemon"
start-stop-daemon --stop --name nfsd --user root --signal 2
eend $? || ret=1
rpc.nfsd 0 # in case things don't work out ... #228127
if [ "${RC_CMD}" = "stop" ]; then
ebegin "Unexporting NFS directories"
_exportfs -au
eend $?
fi
return ${ret}
}
reload() {
ebegin "Re-exporting NFS directories"
_exportfs -r
eend $?
}
restart() {
svc_stop
svc_start
}
_mount_nfsd() {
if [ -e /proc/modules ]; then
if ! grep -qs nfsd /proc/filesystems; then
modprobe -q nfsd
fi
fi
if grep -qs nfsd /proc/filesystems; then
if ! grep -qs "nfsd /proc/fs/nfsd" /proc/mounts; then
ebegin "Mounting nfsd filesystem in /proc"
mount -t nfsd -o nodev,noexec,nosuid nfsd /proc/fs/nfsd
eend $?
fi
local opt
for opt in ${OPTS_NFSD} ; do
echo "${opt#*=}" > "/proc/fs/nfsd/${opt%%=*}"
done
fi
}
_mkdir_nfsdirs() {
local dir
for dir in rpc_pipefs v4recovery v4root; do
[ ! -d "/var/lib/nfs/${dir}" ] && mkdir -p "/var/lib/nfs/${dir}"
done
}
_exportfs() {
local opts="$@"
${exportfs} ${opts} 1>&2 &
local pid=$!
(
sleep ${EXPORTFS_TIMEOUT:-30}
kill -9 ${pid} 2>/dev/null
) &
wait ${pid}
}
_configure_lockd() {
if [ -d /proc/sys/fs/nfs ]; then
local opt
for opt in ${OPTS_LOCKD}; do
echo "${opt#*=}" > "/proc/sys/fs/nfs/${opt%%=*}"
done
fi
}
|
server (conf):
| Code: |
# /etc/conf.d/nfs4
# Optional services
NFS_NEEDED_SERVICES=""
# Options to pass to rpc.nfsd
OPTS_RPC_NFSD="-N 2 -N 3"
# Options to pass to rpc.mountd
OPTS_RPC_MOUNTD="-N 2 -N 3"
# Options to pass to rpc.gssd
OPTS_RPC_GSSD=""
# Options to pass to rpc.svcgssd
OPTS_RPC_SVCGSSD=""
# Options to pass to rpc.rquotad (requires sys-fs/quota)
OPTS_RPC_RQUOTAD=""
# Timeout (in seconds) for exportfs
EXPORTFS_TIMEOUT=30
# Options to set in the nfsd filesystem (/proc/fs/nfsd/)
OPTS_NFSD="versions=+4.1 nfsv4leasetime=30 max_block_size=4096"
# Options to pass to lockd (/proc/sys/fs/nfs/)
OPTS_LOCKD="nlm_tcpport=4045 nlm_udpport=4045"
# Sync time before mounting filesystems?
SYNC_TIME="yes"
# NTP server for your domain
NTP_SERVER="ntp.your-domain"
|
client:
| Code: |
#!/sbin/runscript
[ -e /etc/conf.d/nfs4 ] && . /etc/conf.d/nfs4
depend() {
local myneed
if [ -e /etc/fstab ]; then
myneed="$(
awk '!/^[[:space:]]*#/ && ($3 == "nfs4") {
if ($4 ~ /sec=(krb|spkm)/)
gssd = "rpc.gssd"
}
END { print gssd }' /etc/fstab
)"
fi
config /etc/fstab
need net ${myneed}
use ypbind dns rpc.gssd
}
start() {
if [ -e /proc/modules ]; then
if ! grep -qs 'nfs4$' /proc/filesystems; then
modprobe -q nfs
fi
fi
if [ "${SYNC_TIME}" = "yes" ]; then
ebegin "Synchronizing time with NTP server"
ntpdate "${NTP_SERVER}"
eend $?
fi
ebegin "Mounting NFS filesystems"
mount -a -t nfs4
eend $?
}
stop() {
ebegin "Unmounting NFS filesystems"
umount -a -t nfs4
eend $?
}
|
|
|
| Back to top |
|
|
consus
n00b
Joined: 27 Aug 2012
Posts: 38
|
|
| Back to top |
|
|
|
Networking & Security
