rpcbind(1M) rpcbind(1M)
rpcbind - universal addresses to RPC program number mapper
/usr/etc/rpcbind [ -mvC ] [ -f forkcnt ] [ -a mask,match | -a match ]
rpcbind is a server that converts RPC program numbers into universal
addresses. It must be running to make RPC calls.
When an RPC service is started, it will tell rpcbind at what address it
is listening, and what RPC program numbers it is prepared to serve. When
a client wishes to make an RPC call to a given program number, it will
first contact rpcbind on the server machine to determine the address
where RPC packets should be sent.
Normally, standard RPC servers are started by port monitors, so rpcbind
must be started before port monitors are invoked.
rpcbind is restricted to users with the root user ID.
Options to customize rpcbind's behavior are read from the file
/etc/config/rpcbind.options during system initialization. The options
are:
-m Enable reception of RPC requests sent to rpcbind's multicast
address.
-v Turn on verbose mode. In this mode, additional debugging and error
information is printed to stderr.
-C Turn on compatibility mode. This will allow local applications to
register with rpcbind using a network address other than the
loopback address. Applications that do not use the SGI-provided RPC
interfaces to register with rpcbind may require this option to
function properly. However, use of this option will also introduce
a known security problem.
-f forkcnt
Ignored by rpcbind. It is supplied to provide command line
compatibility with portmap.
-w When rpcbind receives a SIGINT signal, it saves a copy of its
configuration in /tmp/rpcbind.file. The -w switch causes rpcbind to
warm start and preconfigure itself from this file when it is
started.
-a mask,match
-a match
This option permits restriction of most of the rpcbind services to a
subset of hosts or networks. (The rpcbind null procedure is not
restricted.) The mask and match arguments are IP addresses in
Internet dot notation (see inet(3N)) that represent masks, hosts or
networks. The mask and match arguments must be separated by a comma
with no intervening whitespace. If mask and the comma are missing,
the argument is interpreted as a Class A, B, or C network number and
the mask is set to the value appropriate for the network's class.
The -a option can be repeated up to 50 times. For each mask and
match specified, the requesting client host's address is logically ANDed
with mask; if the result equals match, the client's request is
processed. If none of the mask-match comparisons succeed, the
request is rejected. Requests from all of the local host's
addresses are always permitted.
-A This option is equivalent to a series of -a options listing all of
the addresses of interfaces on the machine, with their netmasks. It
is convenient for authorizing hosts on directly connected networks
and point-to-point links without explicitly enumerating the
networks. The restrictions defined by -A do not count against the
limit of 50 -a options.
For example, if /etc/config/rpcbind.options contains
-a 255.255.255.0,128.32.199.0
-a 192.0.2.0
-a 255.255.255.255,192.26.51.3
access is restricted to any host on the Class B 128.32.199 subnet or the
Class C 192.0.2 network or to the host with the 192.26.51.3 address.
Requests from clients on any other networks will be rejected.
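The -a matching rule described above, as an added Python example for auditing an options file; it is not part of this manual page or of rpcbind's source. All function names are hypothetical, only full four-octet addresses are accepted, -A is not modeled, and the caller supplies the local host's addresses.

```python
import ipaddress

MAX_RULES = 50  # the page's limit on repeated -a options

def to_int(dotted):
    # Assumption: full four-octet dot notation only (inet(3N) short forms unsupported).
    return int(ipaddress.IPv4Address(dotted))

def classful_mask(addr):
    """Mask implied by the network class when -a is given only a match."""
    first = addr >> 24
    if first < 128:
        return 0xFF000000  # Class A
    if first < 192:
        return 0xFFFF0000  # Class B
    if first < 224:
        return 0xFFFFFF00  # Class C
    raise ValueError("not a Class A, B, or C network number")

def parse_options(text):
    """Return [(mask, match), ...] for every -a option in the options text."""
    rules, tokens = [], iter(text.split())
    for tok in tokens:
        if tok != "-a":
            continue  # other options (-m, -v, -C, -A, ...) are not modeled here
        arg = next(tokens, None)
        if arg is None:
            raise ValueError("-a requires an argument")
        if "," in arg:
            mask, match = (to_int(p) for p in arg.split(",", 1))
        else:
            match = to_int(arg)
            mask = classful_mask(match)
        rules.append((mask, match))
    if len(rules) > MAX_RULES:
        raise ValueError("more than 50 -a options")
    return rules

def allowed(client, rules, local_addrs=()):
    """Apply the page's test: (client AND mask) == match for any rule.
    Models only the case where at least one -a rule is present."""
    if client in local_addrs:  # local host addresses are always permitted
        return True
    c = to_int(client)
    return any((c & mask) == match for mask, match in rules)

def dead_rules(rules):
    """Rules whose match has bits outside mask: they can never match a client."""
    return [(m, v) for m, v in rules if v & ~m & 0xFFFFFFFF]

# The options from the page's example.
SAMPLE = "-a 255.255.255.0,128.32.199.0\n-a 192.0.2.0\n-a 255.255.255.255,192.26.51.3\n"
```

A non-empty result from dead_rules flags an entry such as `-a 255.255.255.0,128.32.199.5`, which under the ANDed comparison admits no client at all.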
If rpcbind crashes, all RPC servers must be restarted.
rpcinfo(1M), portmap(1M)