Binding static port for rpc service

I want to start an RPC server on a specific TCP port.
The default behaviour is that the server chooses some arbitrary port and registers itself with the port-mapper (rpcbind). This is not good for me as I need to work through a firewall. The first access to the port mapper (port 111) is fine. I don't need to make the client go directly to my server.
But how do I start the server on a specific port?
I read in some newsgroup about opening the socket myself, and then using svctcp_create + svc_reg or the same with TLI, but till now I was not able to put this to work.
Any help will be appreciated.
Regards,
Oren.

Do a man on bind(). This API allows you to bind to a specific port.
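
The approach named in the question and the reply (open the socket yourself, `bind()` it, then hand it to `svctcp_create`), as an added example that is not code from the original thread. `EXAMPLE_PROG`, `EXAMPLE_VERS`, `EXAMPLE_PORT` and the helper names are hypothetical; the RPC part is compiled with `-DWITH_SUNRPC` against the platform's Sun RPC library (libtirpc on current Linux), and the firewall then only needs port 111 plus the one static port.

```c
/* Added example: EXAMPLE_PROG, EXAMPLE_VERS and EXAMPLE_PORT are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP socket bound to addr:port (port in host byte order).
 * Returns the descriptor, or -1 on failure. */
int bind_static_port(const char *addr, uint16_t port)
{
    struct sockaddr_in sin;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    /* Lets a restarted server reclaim the port without waiting. */
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Port the socket is really bound to (host byte order), or -1. */
int bound_port(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;

    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0)
        return -1;
    return ntohs(sin.sin_port);
}

#ifdef WITH_SUNRPC /* build with the Sun RPC / libtirpc headers and library */
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>

#define EXAMPLE_PROG 0x20000099UL /* hypothetical, user-defined program range */
#define EXAMPLE_VERS 1UL
#define EXAMPLE_PORT 20111        /* hypothetical port opened in the firewall */

/* Minimal dispatcher: answers only the NULL procedure ("ping"). */
static void dispatch(struct svc_req *rq, SVCXPRT *xprt)
{
    if (rq->rq_proc == NULLPROC)
        svc_sendreply(xprt, (xdrproc_t)xdr_void, NULL);
    else
        svcerr_noproc(xprt);
}

int main(void)
{
    /* Use the address of one interface instead of 0.0.0.0 to narrow exposure. */
    int fd = bind_static_port("0.0.0.0", EXAMPLE_PORT);
    SVCXPRT *xprt;

    if (fd < 0) {
        perror("bind_static_port");
        return 1;
    }
    /* Hand over the pre-bound socket instead of RPC_ANYSOCK. */
    xprt = svctcp_create(fd, 0, 0);
    if (xprt == NULL) {
        fprintf(stderr, "svctcp_create failed\n");
        return 1;
    }
    /* Drop any stale mapping, then register prog/vers -> EXAMPLE_PORT with rpcbind. */
    pmap_unset(EXAMPLE_PROG, EXAMPLE_VERS);
    if (!svc_register(xprt, EXAMPLE_PROG, EXAMPLE_VERS, dispatch, IPPROTO_TCP)) {
        fprintf(stderr, "svc_register failed (is rpcbind running?)\n");
        return 1;
    }
    printf("listening on TCP port %d\n", bound_port(fd));
    svc_run(); /* does not return in normal operation */
    return 1;
}
#endif
```
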

Similar Messages

  • Can you specify the port for default services when installing OEG?

    Hi everyone,
    The default installation of OEG 11g uses 8090 port for management services, and 8080 for the virtualized services that you register in the gateway. After installation, you can change the ports by editing gateway's Profile Repository in Policy Studio. But is there a way to specify the port number before/during the installation?
    Thanks,
    Iris

    Hi -
    here are the steps to change the listening port (in 11.1.1.6)
    - Connect to OEG using Policy Studio
    - Click on "Edit Active Configuration"
    - Under "Services", find the default services, and you'll see a listener for port 8080 there. Right-click to edit this.
    - Change the port from 8080 to your desired port. Note that if you've installed the software and are running it as a non-root user on Linux, then it will not have permission to bind to a low-numbered port (like port 80, for instance).
    - Now deploy your change (for 11.1.1.6 hit F6 or click on the "deploy" button which is towards the right of the toolbar in Policy Studio).
    - You may also choose to version your configuration at this point (click on "version" which is beside the "deploy" button and enter a comment about your version).
    Now verify that OEG is listening on your new port. You can see it bind to the new port by looking at the trace [Connect a browser to port 8090 on OEG, login as admin or another user who has rights to view the trace, then click on "Trace"].
    It's a usual practice to configure a new listener on SSL (e.g. on port 443) then to delete that pre-configured port 8080 listener, if you want to only receive traffic over SSL.

  • Problem start a BPM process, No ADF binding is defined for the service.

    Hi,
    I am trying to use oracle.soa.management.facade.Service.request method to start a BPM process.
    The service works fine while being tested using Enterprise Manager. But while I am trying to invoke the service from a java client, exception occurs.
    The Service toString:
    Service {
    name = TechDocModifyProcess.service
    properties = {}
    bindings = [Binding {
    Name = WSBinding
    Type = ws
    Mode = entryPoint
    Properties = null
    WSDL URL = /TechDocModifyProcess.wsdl
    WSDL URL = http://eis-bpm-server.eis.smec-cn.com:8001/soa-infra/services/default/TechDocModifyProject!0.2*soa_fee2a899-b630-4c7c-8bbb-c740d37a1b03/TechDocModifyProcess.service?WSDL
    Below is the java code I used to call the service.
    try {
        NormalizedMessage input = new NormalizedMessageImpl();
        String uuid = "uuid:" + UUID.randomUUID();
        input.addProperty(NormalizedMessage.PROPERTY_CONVERSATION_ID, uuid);
        // payload is the partname of the process operation
        input.getPayload().put("creator", "jcooper");
        input.getPayload().put("notificationId", 1L);
        input.getPayload().put("title", "test");
        // process is the operation of the employee service
        NormalizedMessage res = null;
        try {
            svc.post("operation", input);
        } catch (Exception e) {
            e.printStackTrace();
        }
    } catch (ProcessMetadataServiceException e) {
        e.printStackTrace();
    } catch (Exception e) {
        e.printStackTrace();
    }
    Below is the exception stack trace:
    oracle.fabric.common.FabricInvocationException: java.rmi.RemoteException: EJB Exception: ; nested exception is:
         java.lang.RuntimeException: No ADF binding is defined for the service.!
         at oracle.soa.management.internal.facade.ServiceImpl.post(ServiceImpl.java:178)
         at com.smec.eis.bpm.api.SOASvcProvider.main(SOASvcProvider.java:84)
    Caused by: java.rmi.RemoteException: EJB Exception: ; nested exception is:
         java.lang.RuntimeException: No ADF binding is defined for the service.!
         at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
         at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
         at oracle.soa.management.internal.ejb.impl.FacadeFinderBean_4vacyo_FacadeFinderBeanImpl_1035_WLStub.executeServiceMethod(Unknown Source)
         at oracle.soa.management.internal.ejb.EJBLocatorImpl.executeServiceMethod(EJBLocatorImpl.java:837)
         at oracle.soa.management.internal.facade.ServiceImpl.post(ServiceImpl.java:174)
         ... 1 more
    Caused by: java.lang.RuntimeException: No ADF binding is defined for the service.!
         at oracle.soa.management.internal.ejb.impl.FacadeFinderBeanImpl.executeServiceMethod(FacadeFinderBeanImpl.java:982)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
         at com.bea.core.repackaged.springframework.jee.intercept.MethodInvocationInvocationContext.proceed(MethodInvocationInvocationContext.java:104)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor$1.run(JpsAbsInterceptor.java:94)
         at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
         at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.runJaasMode(JpsAbsInterceptor.java:81)
         at oracle.security.jps.ee.ejb.JpsAbsInterceptor.intercept(JpsAbsInterceptor.java:112)
         at oracle.security.jps.ee.ejb.JpsInterceptor.intercept(JpsInterceptor.java:105)
         at sun.reflect.GeneratedMethodAccessor2129.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
         at com.bea.core.repackaged.springframework.jee.intercept.JeeInterceptorInterceptor.invoke(JeeInterceptorInterceptor.java:69)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
         at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
         at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
         at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
         at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
         at $Proxy411.executeServiceMethod(Unknown Source)
         at oracle.soa.management.internal.ejb.impl.FacadeFinderBean_4vacyo_FacadeFinderBeanImpl.__WL_invoke(Unknown Source)
         at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
         at oracle.soa.management.internal.ejb.impl.FacadeFinderBean_4vacyo_FacadeFinderBeanImpl.executeServiceMethod(Unknown Source)
         at oracle.soa.management.internal.ejb.impl.FacadeFinderBean_4vacyo_FacadeFinderBeanImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:668)
         at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

    fusion order demo to the rescue ..
    specify binding.adf within the <service> in composite.xml and you are good to go ..

  • Do I need to open ports for my services if I am connecting through VPN

    Hi,
    I work in a small office and we are trying to connect people remotely to our server through VPN.
    Using the Server App I managed to make VPN work and successfully connected to our file share points, so that means file sharing worked without opening ports for afp on my Airport router.
    On the other side I can't connect to other services as iCal and Address Book as I am locally in the office. Does that mean I have to open the ports for those services on the router? If yes, then why use VPN in the first place?
    Thanks,

    If I understood you correctly:
    External client -> (server.domain.name) -> Router -> Server: is working
    Internal client -> (server.domain.name) -> Router -> Server: is not working
    Internal client -> (local ip) -> Server: is working
    If yes, you can implement a-la "split zone DNS".
    1. On the external DNS your domain name server.domain.name resolved to the external router IP.
    2. You should add record (and zone) server.domain.name to your OS X Lion Server DNS pointing to local IP
    When you are connected to VPN, system sets DNS server to your Lion server and server.domain.name is resolving to local IP.
    When you are working without VPN, system uses external DNS and server.domain.name is resolving to external IP.
    Of course, you should open ports for your services on the router if you want to use them from external network.
    I am using this configuration and it works perfectly.

  • SQL Server 2012 - 3 SQL clustered instances - one default/ two named instances - how assign/should assign static ports for named instances

    We have two physical servers hosting 3 SQL 2012 clustered instances, one default instance and two named instances.
    The default instance is using port 1433 and the two named instances are using dynamic port assignment.
    There is discussion about assigning static port numbers to the two named clustered SQL instances.
    What is considered best-practice?  For clustered named instances to have dynamic or static ports?
    Are there any pitfalls to assigning a static port to a named instance that is a cluster?
    Any help is greatly appreciated

    Hi RobinMCBC,
    In SQL server the default instance has a listener which listens on the fixed port which is TCP port 1433. And for the named instance the port on which the SQL server listens is random and is dynamically selected when the named instance of the SQL server starts.
    For Standalone instance of the SQL server we can change the dynamic port of the named instance to the static port by using SQL server configuration manager as other post, however, in case of the cluster, when we change the port no. of the named instance to the static port using the method described above, the port no. again changes back to the dynamic port after you restart the services. I recommend changing the Dynamic port of the SQL Server to static port on all the nodes, disabling and enabling the checkpointing to the quorum.
    For more information, you can review the following article about how to change the dynamic port of the SQL Server named instance to a static port in a SQL Server 2005 cluster.
    http://blogs.msdn.com/b/sqlserverfaq/archive/2008/06/02/how-to-change-the-dynamic-port-of-the-sql-server-named-instance-to-an-static-port-in-a-sql-server-2005-cluster.aspx
    Regards,
    Sofiya Li
    TechNet Community Support

  • Troubles with configuring static port for Certsrv.msc

    I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
    I configured a static DCOM port by following this article, including bouncing the service and also rebooting the CA box:
    http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
    The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.  On the CA I ran netstat & 'netstat -a' and am not seeing the static port listed anywhere.
    It does not appear to me that the static dcom endpoint is working properly & that it is still randomly assigning ports.  We would greatly prefer to not have the whole range opened for random port assignment.  Any suggestions?  Thanks in advance!

    On Fri, 7 Feb 2014 15:28:32 +0000, Steve F wrote:
    I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes
    This is not the correct forum for this question. You should repost to:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity
    Paul Adare - FIM CM MVP
    "If you think you can have a nice network with ms-windows machines on it, you haven't run tcpdump yet." -- Alan Rosenthal

  • Dynamic Logical Port for Web Service Client

    Hi *!
    We want to use the same Web Service Client code with different Web Service instances running on different systems. So I need to configure the logical port (especially the URL of the endpoint) dynamically at runtime.
    Please give me a hint, how this is done.
    (we are using WebAS 6.40 SP7)...
    Thanks in advance,
         Frank

    Hi Frank,
    I hope you were able to solve your issue on your own in the meantime.
    I was looking for the answer to this question today. This was the only thread I found on SDN. Unfortunately, it did not contain an answer yet. I was able to figure out a way to set the endpoint address dynamically after searching help.sap.com and after examining the interfaces offered by the Stub (logical port in this case) classes.
    Here's an extract from my code:
    // Connect to JNDI context
    InitialContext ic = new InitialContext();
    // Get reference to web service proxy from JNDI context
    Z_MSC_GET_SCHEDULE_WSDService service =
         (Z_MSC_GET_SCHEDULE_WSDService) ic.lookup("wsclients/proxies/iot-online.de/msc~srv_ejb~proxy/de.iot_online.msc.proxy.ScheduleReaderProxy");
    // Get reference to logical port from web service proxy
    Z_MSC_GET_SCHEDULE_WSD logicalPort = service.getLogicalPort();
    // Set URL of web service Endpoint
    logicalPort._setProperty(Stub.ENDPOINT_ADDRESS_PROPERTY, "http://<FQDN>:8010/sap/bc/srt/rfc/sap/Z_MSC_GET_SCHEDULE_WSD?sap-client=100");
    This is explained on
    http://help.sap.com/saphelp_nwce10/helpdata/en/45/113a1221337249e10000000a155369/frameset.htm
    You can also set the credentials (username / password) with the method _setProperty.
    Best regards
    Christian

  • How To Configure TREX Name Server&Port for UDDI  Service Registry Settings

    Hello Experts,
    we are using CE 7.1 SP 4 and I would like to use the trex service in the Service Registry.
    I use \NWA\Service Registry Configuration\Service Registry Settings\Keyword Search and want to test the TREX Communication using the Test Connection Button.
    If I do so, I receive "Connection to TREX not successful".
    When I press the Update TREX button I receive this exception:
    com.sapportals.trex.TrexException: TREX Name Server (including back-up servers) is down or not accessable. (Errorcode 7217)
    I tried to configure the trex.service with the two parameters: nameserver.address and nameserver.backupserverlist -> tcpip://myhostname.mydomain:30001 (Instance 00).
    I am not sure if the port number is correct -> is there a way to lookup the correct port number?
    Is there something else I should configure?
    Thanks for help, best regards
    Thomas

    Hi Ganesh,
    In order to access the Visual Administrator, go to Start > Programs > SAP J2EE Engine > Visual Administrator. After you login, you will see 2 nodes i.e. Dispatcher and Server. Expand the Server node. Then go to "Services" and expand it. Then go all the way down to "TREX Service". Then on the right hand side, go to the property "nameserver.address" where you will key in "tcpip://<nameserver>:<port>". Then hit "Update" and click on the "Save" button. Then when you go to TRex Monitor, you should be able to see the Name Server running. Hope this helps.
    Thanks,
    Sri
    P.S. Please reward points if you find this helpful. Thanks.

  • Firewall Ports for Web Services

    Hi Experts,
    Can you please list what are the firewall ports to be opened to call a ECC 6.0 system web service from a .Net application, assuming both systems are separated by a firewall
    Thanks in advance
    Regards,
    Krishna

    Hello ,
    Please, as far as I know, you have to open 4 ports in the ECC system.
    They are
    Message server port =  36<instance number>
    ITS = 80<Instance number>
    Gateway = 33<instance number> -- make sure service entries are maintained (sapgw)
    If you maintain Central SLD - then the specific port needs to be opened. - 5(instance number)00.
    I hope these ports need to be opened and this is enough, I believe.
    Vijay.

  • Strange ports for BIA services (rfc, name)

    Hello,
    I have quite an old BIA system running with BI 7.0 SP09.
    In TREXADMIN I see quite strange ports associated with rfc and nameserver services.
    sap41:pago-services1     nameserver
    sap41:30003     indexserver
    sap41:30011     other
    sap41:0     rfc server
    sap42:pago-services1     nameserver
    sap42:30003     indexserver
    sap42:30011     other
    sap42:0     rfc server
    sap43:pago-services1     nameserver
    sap43:30003     indexserver
    sap43:30011     other
    sap43:0     rfc server
    sap44:pago-services1     nameserver
    sap44:30003     indexserver
    sap44:30011     other
    sap44:0     rfc server
    Has anyone seen something like that before?
    Can this be the root cause of the short-dumps on BI side:
    A RAISE statement in the program "SAPLTREX_EXT_ADMINISTRATION" raised the exception condition "UNKNOWN FUNCTION".
    Unfortunately, I have no access to stand-alone TrexAdmin on the blades.
    Thanks,
    -Vitaliy

    Vitaliy,
    We have the same scenario.... and to compound it two blades seem to have gone down - unable to start service on the two blades and the index servers as a result are down and we do not have access to the blades by themselves...
    Arun

  • Port for shared services in 11.1.1.3 version

    Hello,
    Can anybody confirm what port should be used by shared services 11.1.1.3
    We didn't get any confirmed answer whether it should be 58080 or 28080.
    Thanks

    When you run the first export it will create the import.xml and export.xml template which you can use with the command line utility to automate your process, extract your LCM export and you will see.
    Cheers
    John

  • Risk and Rollback to assigning Static ports.

    Good afternoon.
    We have been using Exchange CAS servers using MSNLB for the past 3 years. Works well for us with a few bugs but now we are upgrading our virtual infrastructure and MSNLB is no longer really an option.  Going through the process I see the requirements of using static ports for RPC. I have a couple of questions.
    What is the risk/outage to users? I understand the RPC Client service gets restarted. Do users need to restart Outlook? Repair their profile? etc etc
    To make the changes on SP1 and later (we are SP2) it appears to be just adding the reg key and restarting the service. Is there a rollback procedure? (delete the key and restart the service?)
    Anyone have any issues in doing this?
    Thanks
    Drew

    We will be using a hardware loadbalancer (coyotepoint) although we are also considering software lbs
    So why the need for static ports? Isn't that just something the vendor recommends?  I have never set static ports with a load balancer myself and it's been fine.

  • Can you configure a static port to use with certsrv.msc?

    I am trying to use certsrv.msc to connect from my workstation to the CA for administration purposes.  Workstation is Win7, CA is 2008 R2 Enterprise running Enterprise Subordinate on a dedicated box.
    I configured a static DCOM port for certsvc by following this article, including bouncing the service and also rebooting the CA box:
    http://social.technet.microsoft.com/wiki/contents/articles/1559.how-to-configure-a-static-dcom-port-for-ad-cs.aspx
    The static port was opened in the firewall from my workstation to the CA.  We also found that TCP 445 was required, so that has been opened as well, port 135 & other ports normally needed for autoenrollment should be open.  Sniffing the firewall showed that a random high numbered port that is not the static dcom port is being attempted - this is the only port showing dropped packets & no traffic on the static port.
    I am wondering if there is a way to configure a static port for this high-level random port to use with certsrv.msc as I was able to do with the certsvc dcom port?  I am trying to avoid having tens of thousands of network ports wide open going to my CA...  Thanks in advance!

    Hi Steve,
    I am sorry that I wasn’t able to find references about restricting certificate services only use one port in the random port range.
    However, we can configure RPC dynamic ports allocation to restrict port range. In the meantime, we should keep at least 100 ports open to keep necessary system services running.
    More information for you:
    How to configure RPC dynamic port allocation to work with firewalls
    http://support.microsoft.com/kb/154596/en-us
    Service overview and network port requirements for Windows
    http://support.microsoft.com/kb/832017/en-au
    Firewall Rules for Active Directory Certificate Services
    http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
    Best Regards,
    Amy Wang

  • [SOLVED] NFS Static Ports

    Hi, I just switched over to Arch a couple of days ago.  I have been extremely pleased with this distro, but am confused on one part.  I have an IPCOP firewall setup with dmz pinholes from blue to green for a couple of nfs shares.  For this I have to have the nlockmgr, status, and mountd on static IP's.  In other distros I have followed these steps:
    1. Create the file "/etc/sysconfig/nfs" and add the following contents:
    STATD_PORT=4001
    LOCKD_TCPPORT=4002
    LOCKD_UDPPORT=4002
    MOUNTD_PORT=4003
    2. Append the following to the file "/etc/services":
    rquotad 4004/tcp # rpc.rquotad tcp port
    rquotad 4004/udp # rpc.rquotad udp port
    3. Restart the nfs services
    This does not seem to work in Arch though.  Can someone point me in the right direction to setting these ports to static??
    Thanks
    Last edited by oiad (2010-06-18 04:47:03)

    Yes it works fine. The nfs server, on ipcop's green subnet, has the following in /etc/modprobe.d/* :
    # Static ports for NFS lockd
    options lockd nlm_udpport=2232 nlm_tcpport=2232
    as well as the /etc/conf.d/* settings, which results in this:
    $ rpcinfo -p
    program vers proto port service
    100000 4 tcp 111 portmapper
    100000 3 tcp 111 portmapper
    100000 2 tcp 111 portmapper
    100000 4 udp 111 portmapper
    100000 3 udp 111 portmapper
    100000 2 udp 111 portmapper
    100024 1 udp 2231 status
    100024 1 tcp 2231 status
    100021 1 udp 2232 nlockmgr
    100021 3 udp 2232 nlockmgr
    100021 4 udp 2232 nlockmgr
    100021 1 tcp 2232 nlockmgr
    100021 3 tcp 2232 nlockmgr
    100021 4 tcp 2232 nlockmgr
    100003 2 tcp 2049 nfs
    100003 3 tcp 2049 nfs
    100003 4 tcp 2049 nfs
    100003 2 udp 2049 nfs
    100003 3 udp 2049 nfs
    100003 4 udp 2049 nfs
    100005 3 udp 2233 mountd
    100005 3 tcp 2233 mountd
    'rpcinfo -p <server>' on the client, which is on ipcop's blue subnet, gives the same output. I have set up pinholes for the five ports listed.
    See if the modprobe settings work for you.
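
A check for the setup described in this reply, as an added example that is not part of the original post: it reads `rpcinfo -p` output and counts registrations that sit on a port without a firewall pinhole, which is what happens when a static-port setting is not applied after a restart. The pinhole table uses the five ports from the reply; `SAMPLE_DRIFT` and the function names are constructed for illustration.

```c
/* Added example: audit `rpcinfo -p` output against the firewall pinholes. */
#include <stdio.h>
#include <string.h>

struct pinhole { const char *service; unsigned port; };

/* The five ports pinholed in the reply above. */
static const struct pinhole PINHOLES[] = {
    {"portmapper", 111}, {"status", 2231}, {"nlockmgr", 2232},
    {"nfs", 2049}, {"mountd", 2233},
};

/* Excerpt of the output quoted in the reply above. */
static const char SAMPLE_OK[] =
    "program vers proto port service\n"
    "100000 4 tcp 111 portmapper\n"
    "100024 1 udp 2231 status\n"
    "100024 1 tcp 2231 status\n"
    "100021 4 tcp 2232 nlockmgr\n"
    "100003 3 tcp 2049 nfs\n"
    "100005 3 tcp 2233 mountd\n";

/* Constructed sample: statd came up on dynamic ports. */
static const char SAMPLE_DRIFT[] =
    "program vers proto port service\n"
    "100000 4 tcp 111 portmapper\n"
    "100024 1 udp 47812 status\n"
    "100024 1 tcp 51234 status\n"
    "100021 4 tcp 2232 nlockmgr\n"
    "100003 3 tcp 2049 nfs\n"
    "100005 3 tcp 2233 mountd\n";

/* 1 if this service is expected on exactly this port. */
static int pinholed(const char *service, unsigned port)
{
    size_t i;

    for (i = 0; i < sizeof PINHOLES / sizeof PINHOLES[0]; i++)
        if (PINHOLES[i].port == port &&
            strcmp(PINHOLES[i].service, service) == 0)
            return 1;
    return 0;
}

/* Returns the number of registrations with no matching pinhole;
 * each one is described on `report` when it is not NULL. */
int audit_rpcinfo(const char *text, FILE *report)
{
    int flagged = 0;

    while (*text != '\0') {
        char line[128], proto[8], service[32];
        unsigned long prog;
        unsigned vers, port;
        size_t len = strcspn(text, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;

        memcpy(line, text, n);
        line[n] = '\0';
        text += len;
        if (*text == '\n')
            text++;
        /* Header and malformed lines do not parse as five fields; skip them. */
        if (sscanf(line, "%lu %u %7s %u %31s",
                   &prog, &vers, proto, &port, service) != 5)
            continue;
        if (!pinholed(service, port)) {
            flagged++;
            if (report != NULL)
                fprintf(report, "no pinhole: %s %s/%u (program %lu v%u)\n",
                        service, proto, port, prog, vers);
        }
    }
    return flagged;
}

int main(void)
{
    printf("ok sample: %d flagged\n", audit_rpcinfo(SAMPLE_OK, stdout));
    printf("drift sample: %d flagged\n", audit_rpcinfo(SAMPLE_DRIFT, stdout));
    return 0;
}
```
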

  • Securing RPC services with TCP Wrappers

    Hello All,
    I have a two node cluster running Solaris 10. Since SVM needs a few RPC services like metad, metamedd and metamhd, I don't want to disable them. But at the same time, I want to block them from the outside world.
    But the readme page of TCP Wrappers (http://www.sunfreeware.com/README.tcpwrappers) says "The wrappers do not work with RPC services over TCP. These services are registered as rpc/tcp in the inetd configuration file". And other internet sources say the same. So my question is: is this still valid? Or is it possible to filter RPC services using TCP Wrappers?
    When I tested this with the following entries in /etc/hosts.allow and /etc/hosts.deny, my two nodes did not give any trouble after a couple of reboots. SVM is working fine. So I wonder whether RPC services are really blocked (other than the local host) or not.
    Content of /etc/hosts.deny
    ===========================
    rpcbind: ALL : severity debug
    rpc.metad: ALL : severity debug
    rpc.metamhd: ALL : severity debug
    rpc.metamedd: ALL : severity debug
    rpc.metacld: ALL : severity debug
    Content of /etc/hosts.allow
    =======================================
    rpcbind: KNOWN : severity debug
    rpc.metad: localhost : severity debug
    rpc.metamhd: localhost : severity debug
    rpc.metamedd: localhost : severity debug
    rpc.metacld: localhost : severity debug
    Any hints/information regarding this will be really appreciated.

    Hello Mark,
    Sorry that I missed to thank you in your last post.
    If I get it right, The RPC bind program is used to maintain a table of dynamically allocated ports for RPC-based services.
    From internet, "The file /etc/rpc contains a list of network services. Typically, when a remote machine wants to connect to one of those services on your machine, it first issues a query to the rpcbind program running on your computer. It knows the name of the services it wants to connect with, but doesn't know what port number to use. Your rpcbind will respond with a port number. The remote host will then attempt a connection to the specified port."
    Also, note that blocking rpcbind doesn't block access to the /etc/rpc services altogether. It does block access for those programs which do an rpcinfo query in order to reach those services. So other possible ways also exist to make remote connection without querying. Here lies the problem. I wanted to secure RPC services completely.
    Coming to metad, it is true that ldd will result in nothing related to libwrap*. But inetadm tells a different story
    inetadm -l /network/rpc/meta | grep -i wrap
    default tcp_wrappers=TRUE
    So encapsulating with tcpd should work for metad and other RPC services, I believe.
    What is your opinion on this?
