Solved

localhost to localhost udp port 111 unreachable - I don't use any rpc ?!

Posted on 2004-08-12
6
1,095 Views
Last Modified: 2008-03-17
I have a Linux Server which has been running fine for years, but when I did a tcpdump to log a day I noticed something strange :

14:47:09.307333 127.0.0.1.1003 > 127.0.0.1.111: udp 56
14:47:09.307333 127.0.0.1.1003 > 127.0.0.1.111: udp 56
14:47:09.307333 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 111 unreachable [tos 0xc0]
14:47:09.307333 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 111 unreachable [tos 0xc0]

The server is used for DNS, web (http and ftp).  If anyone has any idea of what I might have misconfigured, or how I can disable the port 111 requests?

Thanks in advance,

Me
0
Comment
Question by:Omnilabo
6 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 11783552

maybe with iptables?

iptables -A INPUT -s0/0 --sport 111 -j REJECT or DROP
iptables -A OUTPUT -d 0/0 --dport 111 -j REJECT or DROP
0
 

Author Comment

by:Omnilabo
ID: 11783898
Erm,   I have no firewall set up on the Server.  Thank you for pointing that out.  

Now, back to what my question really was:

Why does my server try to connect to itself using port 111 ?


Nothing to see in the netstat :

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      
tcp        0     96 1.2.3.4:22        192.168.1.68:1949       ESTABLISHED
tcp        1      0 1.2.3.4:19526     213.130.130.203:25      TIME_WAIT  
tcp        1      0 1.2.3.4:110       80.200.15.86:2199       TIME_WAIT  
tcp        1      0 1.2.3.4:110       192.168.1.241:1055      TIME_WAIT  
udp        0      0 127.0.0.1:53            0.0.0.0:*                          
udp        0      0 1.2.3.4:53        0.0.0.0:*                          
udp        0      0 0.0.0.0:53              0.0.0.0:*                          
raw        0      0 0.0.0.0:1               0.0.0.0:*                          

(real ip adress changed to 1.2.3.4 for obvious reasons)

0
 
LVL 40

Expert Comment

by:jlevie
ID: 11785383
111/udp is the portmapper, which is used by NFS and other things that use RPC. The localhost traffic doesn't present a security risk as the kernel will ensure that the localhost IP (127.0.0.1) can't be abused from outside. This of course presumes that your Linux system is fully up to date w/respect to the vendor's security updates.

If you don't use NFS or anything else that needs RPC services you can disable the portmapper. But even if you do you really need all security updates in place and should have a very tight firewall running.  The IPtables firewall that I use on RedHat servers can be seen at http://www.entrophy-free.net/tools/iptables-host
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Omnilabo
ID: 11790754
I tried not loading NFS at startup, but I got one extra error message

08:36:01.007316 127.0.0.1.957 > 127.0.0.1.111: udp 56
08:36:01.007316 127.0.0.1.957 > 127.0.0.1.111: udp 56
08:36:01.007316 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 111 unreachable [tos 0xc0]
08:36:01.007316 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 111 unreachable [tos 0xc0]
08:36:01.447316 127.0.0.1.1229 > 127.0.0.1.512: udp 34
08:36:01.447316 127.0.0.1.1229 > 127.0.0.1.512: udp 34
08:36:01.447316 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 512 unreachable [tos 0xc0]
08:36:01.447316 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 512 unreachable [tos 0xc0]
0
 
LVL 17

Accepted Solution

by:
owensleftfoot earned 500 total points
ID: 11791284
"service portmap stop"  at the console followed by "chkconfig portmap off" (both commands without the quotes) should do the trick.
0
 

Author Comment

by:Omnilabo
ID: 11791463
Ahh, thanks.  You might ask why I did just the oppsite of that, well I just try to see what it should do.  I checked if portmap gets loaded at startup (rc?.d folders).  To my amazement it is not loaded in the third 'stage'.  So I added it and now the server seems to be happely communicating to itself (why; I don't know.)

11:52:13.577334 localhost.1014 > localhost.sunrpc: udp 56
11:52:13.577334 localhost.1014 > localhost.sunrpc: udp 56
11:52:13.577334 localhost.sunrpc > localhost.1014: udp 28
11:52:13.577334 localhost.sunrpc > localhost.1014: udp 28


0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question