tech-net archive


Re: NFS daemon port numbers for firewall config



On Fri, 2024-04-19 at 21:27 +0000, Taylor R Campbell wrote:
> 
> Am I missing any existing way to do this?
> 

Sort of. 

Some firewall implementations can be extended with code that parses the
allowed traffic in order to open up more ports. The traditional example
is active FTP where the control port is well known while the data port
is random and goes the "wrong" way. E.g. NPF calls these "application
level gateways". This code is normally compiled into the kernel.

You could have a portmapper application in your firewall that
dynamically opens RPC ports when it sees permitted portmapper traffic
listing those ports. Getting this right will require thought and
attention to detail.

Most people just stick to using fixed port numbers. Sometimes they use
modest port ranges where a single port might have performance issues.

Ngā mihi,
Lloyd
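
The portmapper-tracking idea described in the message above, sketched as an added example (not code from the original message or from NPF): it parses a portmapper v2 GETPORT call and its reply, as carried in UDP payloads, and returns the port a firewall would then consider opening. The function names, the `pmap_pending` structure and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

struct pmap_pending { uint32_t xid, prog, proto; int valid; }; /* hypothetical per-flow state */

/* Read one big-endian XDR word, bounds-checked. */
static int rd32(const uint8_t *b, size_t len, size_t *off, uint32_t *v) {
    if (len < 4 || *off > len - 4) return -1;
    b += *off; *off += 4;
    *v = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
    return 0;
}

/* Skip an opaque_auth: flavor, length, body padded to 4 bytes (RFC 5531 caps it at 400). */
static int skip_auth(const uint8_t *b, size_t len, size_t *off) {
    uint32_t flavor, n;
    if (rd32(b, len, off, &flavor) || rd32(b, len, off, &n) || n > 400) return -1;
    n = (n + 3) & ~3u;
    if (n > len - *off) return -1;
    *off += n;
    return 0;
}

/* Record a portmapper v2 GETPORT call (program 100000, procedure 3). Returns 0 if recorded. */
int pmap_see_call(struct pmap_pending *pp, const uint8_t *b, size_t len) {
    size_t off = 0; uint32_t h[6], a[4];
    for (int i = 0; i < 6; i++) if (rd32(b, len, &off, &h[i])) return -1;
    if (h[1] != 0 || h[2] != 2 || h[3] != 100000 || h[4] != 2 || h[5] != 3) return -1;
    if (skip_auth(b, len, &off) || skip_auth(b, len, &off)) return -1;
    for (int i = 0; i < 4; i++) if (rd32(b, len, &off, &a[i])) return -1;
    pp->xid = h[0]; pp->prog = a[0]; pp->proto = a[2]; pp->valid = 1;
    return 0;
}

/* Match a reply by XID: port to open, 0 if not registered, -1 if unmatched or malformed. */
int pmap_see_reply(struct pmap_pending *pp, const uint8_t *b, size_t len) {
    size_t off = 0; uint32_t xid, type, rstat, astat, port;
    if (rd32(b, len, &off, &xid) || rd32(b, len, &off, &type)) return -1;
    if (!pp->valid || xid != pp->xid || type != 1) return -1;
    pp->valid = 0; /* one recorded call authorises at most one reply */
    if (rd32(b, len, &off, &rstat) || rstat != 0 || skip_auth(b, len, &off)) return -1;
    if (rd32(b, len, &off, &astat) || astat != 0 || rd32(b, len, &off, &port)) return -1;
    return (off == len && port <= 65535) ? (int)port : -1;
}

/* Constructed samples: GETPORT call for NFS (100003 v3, TCP), xid 0x1234; reply with port 2049. */
static const uint8_t sample_call[56] = {
    0,0,0x12,0x34, 0,0,0,0, 0,0,0,2, 0,1,0x86,0xa0, 0,0,0,2, 0,0,0,3, 0,0,0,0,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,1,0x86,0xa3, 0,0,0,3, 0,0,0,6, 0,0,0,0 };
static const uint8_t sample_reply[28] = {
    0,0,0x12,0x34, 0,0,0,1, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,8,1 };
```

The reply carries only a port number, so it has to be tied to a recorded call by XID before anything is opened; whether `prog` is a program the policy permits is left to the caller.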


