portmap(1M) portmap(1M)
portmap - TCP, UDP port to RPC program number mapper
/usr/etc/portmap [ -vmAbC ] [ -f forkcnt ] [ -a mask,match | -a match ]
portmap is a server that converts RPC program numbers into TCP or UDP
protocol port numbers. It must be running in order to make RPC calls.
When an RPC server is started, it tells portmap what port number it is
listening to, and what RPC program numbers it is prepared to serve. When
a client wishes to make an RPC call to a given program number, it first
contacts portmap on the server machine to determine the port number where
RPC packets should be sent.
After portmap starts, inetd(1M) can register its standard RPC servers.
Options to customize portmap's behavior are read from the file
/etc/config/portmap.options during system initialization. The options
are:
-v Verbose: prints error messages using syslog(3B) when a service fails
or when an unprivileged process or remote host tries to set or unset
a port mapping.
-f forkcnt
Specify the maximum number of child processes to handle broadcast or
multicast requests. The default is 10.
-a mask,match
-a match
This option permits restriction of most of the portmap services to a
subset of hosts or networks. (The portmap null procedure is not
restricted.) The mask and match arguments are IP addresses in
Internet dot notation (see inet(3N)) that represent masks, hosts or
networks. The mask and match arguments must be separated by a comma
with no intervening whitespace. If mask and the comma are missing,
the argument is interpreted as a Class A, B, or C network number and
the mask is set to the value appropriate for the network's class.
The -a option can be repeated up to 50 times. For each mask and
match specified, the requesting client host's address is logically ANDed
with mask; if the result equals match, the client's request is
processed. If none of the mask-match comparisons succeed, the
request is rejected. Requests from all of the local host's
addresses are always permitted.
For example, if /etc/config/portmap.options contains
-a 255.255.255.0,128.32.199.0
-a 192.0.2.0
-a 255.255.255.255,192.26.51.3
access is restricted to any host on the Class B 128.32.199 subnet or
the Class C 192.0.2 network or to the host with the 192.26.51.3
address. Requests from clients on any other networks are rejected.
-A This option is equivalent to a series of -a options listing all of
the addresses of interfaces on the machine, with their netmasks. It
is convenient for authorizing hosts on directly connected networks
and point-to-point links without explicitly enumerating the
networks. The restrictions defined by -A do not count against the
limit of 50 -a options.
-b This option causes the -a and -A options to apply only to packets
that arrive via multicast.
-m Enable reception of RPC requests sent to portmap's multicast
address, provided their sources meet the restrictions imposed by -a
or -A. Multicast requests received from what should be local
addresses are always ignored. The -a and/or -A options should
always be used with -m on machines that can be reached by multicast
packets from the Internet, such as MBONE feeds. The -b option is
handy with -m on systems shielded from the Internet by firewalls,
where all networks that can be reached via unicast or broadcast are
trusted.
-C Turn on compatibility mode. This will allow local applications to
register with portmap using a network address other than the
loopback address. Applications that do not use the SGI-provided RPC
interfaces to register with portmap may require this option to
function properly. However, use of this option will also introduce
a known security problem.
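The -a mask,match comparison described above, as an added example (not code from portmap or from this manual page): it parses -a options, applies the AND-and-compare rule literally as stated here, and flags rules whose match has bits that mask clears, which under that rule can never admit any client. It assumes full dotted-quad addresses and does not model -A, -b, or the always-permitted local addresses; all function names are hypothetical.

```python
import ipaddress

# The page's own example options, plus one constructed rule with a host bit
# set in match (the .5) that the mask clears.
PAGE_OPTIONS = """-a 255.255.255.0,128.32.199.0
-a 192.0.2.0
-a 255.255.255.255,192.26.51.3"""
CONSTRUCTED_BAD = "-a 255.255.255.0,128.32.199.5"

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def classful_mask(net):
    """Default mask when only a network number is given (Class A, B, or C)."""
    first_octet = net >> 24
    if first_octet < 128:
        return 0xFF000000
    if first_octet < 192:
        return 0xFFFF0000
    if first_octet < 224:
        return 0xFFFFFF00
    raise ValueError("not a Class A, B, or C network number")

def parse_rules(options_text):
    """Collect (mask, match) pairs from every -a option in the text."""
    rules, tokens = [], options_text.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok != "-a":
            continue
        mask_s, comma, match_s = tokens[i + 1].rpartition(",")
        match = to_int(match_s)
        rules.append((to_int(mask_s) if comma else classful_mask(match), match))
    if len(rules) > 50:
        raise ValueError("more than 50 -a options")
    return rules

def permitted(rules, client):
    """True if (client AND mask) == match for at least one rule."""
    addr = to_int(client)
    return any((addr & mask) == match for mask, match in rules)

def unmatchable(rules):
    """Rules whose match has bits outside mask: the AND can never equal it."""
    return [(mask, match) for mask, match in rules if match & ~mask]

if __name__ == "__main__":
    rules = parse_rules(PAGE_OPTIONS)
    for client in ("128.32.199.17", "128.32.200.1", "192.0.2.200", "192.26.51.4"):
        print(client, "permitted" if permitted(rules, client) else "rejected")
    print("unmatchable:", unmatchable(parse_rules(CONSTRUCTED_BAD)))
```

A rule reported by unmatchable() is worth reviewing before deployment, since it grants nothing and may hide an intended allowance.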
inetd(1M), rpcinfo(1M).
IRIX Network Programming Guide
If portmap crashes, all servers that use it (for example, nsd(1M) and
inetd(1M)) must be restarted.