I asked if Legato networker REQUIRES portmapper to be running, as
we've seen some troubling connections to port 111 on our servers.
It seems that it no longer requires it, except on the Legato server.
Thanks to all who replied. Here are some of the responses.
Marco Benton: In theory, NSR doesnt need portmapper...Legato has a document
explaining how newer versions use certain ports and how to configure
those ports for use in a Firewall configuration and such. Only older
versions like 5.1 and under need portmapper from what I remember.
Pat O'Brien: In the old days, yes there was a requirement to have portmapper
running.With the latest versions, I have seen evidence both ways as to this
requirement. It may also be related to the host legato status(server,
storage, or client)
John Speno: I investigated this a while back. You don't need portmap
running. One of Networkers nsrexecd processes is actually its own
portmapper thingy. Networker will register itself with the standard
portmapper if it is running, but that will only be used if it can't
contact its own.
LHERCAUD: As far as I recall...the portmapper is required on the server's side
to allow net clients to detect the server's presence and to connect to it.
I do not think it is required on the client side, although it may be
(especially if you plan to use the storage node functionality on the client
side)
Kevin McDonnell: You should find 2 nsrexecd procs running.
One is resposible for the remote execution the other does the port mapping.
Tom Webster: What you may want to think about doing is installing a better
(at least from a security standpoint) version of the portmapper.
Wietse Venema (yep, same guy who wrote TCPwrappers) has a version
of the portmapper that supports access control lists (numeric
lists only -- DNS would add too much latency). You can find it
at:
ftp://ftp.porcupine.org/pub/security/index.html
Regards,
Judith Reed
Received on Tue Oct 16 2001 - 12:39:04 NZDT