Re: [gentoo-user] svc: bad direction 268435456 [SOLVED]

2006-06-19 Thread Matthias Langer
On Mon, 2006-06-19 at 07:24 +0200, Ralph Slooten wrote:
 Matthias Langer wrote:
  i've recently set up a local nfs server for my distfiles; to keep the WAN
  out i have:
  
  iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport nfs -j DROP
  iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport nfs -j DROP
  
  everything is working fine so far; however, my logs are full of these
  messages:
  
  svc: bad direction 268435456, dropping request
  
  any comments ?
 
 I have had this too from quite a while back
 (http://blog.axljab.homelinux.org/post/6/). I turned on logging in my
 firewall to find out that nfs listens on random ports for UDP
 connections. The problem is that the random ports change ;-) In my
 firewall *most* of  1024 is open so there isn't much I can do about it.
 
 From what I noticed it's nobody trying to hack you but rather just
 internet static which by coincidence tries a port that your NFS is
 listening on. I stopped worrying about it after a while. The option for
 NFS to listen only on one interface wasn't then (iirc) an option ..  not
 sure about now though.
 
 Greetings,
 Ralph

Thank you very much .. After adding the following lines to my firewall,
these annoying messages seem to be gone (at least they did not appear
for one hour now):

iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 1026 -j DROP
iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 1026 -j DROP
iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 2442 -j DROP
iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 2292 -j DROP

i'm not sure which of these lines actually fixed my problem as i've just
looked at the output of rpcinfo and grabbed all nfs relevant ports from
there.

Matthias

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] svc: bad direction 268435456 [SOLVED]

2006-06-19 Thread Ralph Slooten
Matthias Langer wrote:
 i'm not sure which of these lines actually fixed my problem as i've just
 looked at the output of rpcinfo and grabbed all nfs relevant ports from
 there.

This will probably fix your problems *until* you restart nfs.

# lsof -n -P | egrep 'UDP|LISTEN' | grep 'rpc\.'
rpc.statd 19260   nobody4u IPv4  178640062  UDP *:47496
rpc.statd 19260   nobody5u IPv4  178640054  UDP *:780
rpc.statd 19260   nobody6u IPv4  178640065  TCP *:42346 (LISTEN)
rpc.mount 19277 root6u IPv4  178640109  UDP *:797
rpc.mount 19277 root7u IPv4  178640112  TCP *:800 (LISTEN)

Restart NFS 

rpc.statd 19433   nobody4u IPv4  178641101  UDP *:47498
rpc.statd 19433   nobody5u IPv4  178641093  UDP *:953
rpc.statd 19433   nobody6u IPv4  178641104  TCP *:42347 (LISTEN)
rpc.mount 19450 root6u IPv4  178641148  UDP *:970
rpc.mount 19450 root7u IPv4  178641151  TCP *:973 (LISTEN)

Restart again 

rpc.statd 19534   nobody4u IPv4  178641453  UDP *:47499
rpc.statd 19534   nobody5u IPv4  178641445  UDP *:630
rpc.statd 19534   nobody6u IPv4  178641456  TCP *:42348 (LISTEN)
rpc.mount 19551 root6u IPv4  178641500  UDP *:647
rpc.mount 19551 root7u IPv4  178641503  TCP *:650 (LISTEN)

I never worked out how to get NFS to only listen on a single interface.

Glad you at least now know what was causing the logs.

Greetings,
Ralph




Re: [gentoo-user] svc: bad direction 268435456 [SOLVED]

2006-06-19 Thread Matthias Langer
On Mon, 2006-06-19 at 14:53 +0200, Ralph Slooten wrote:
 Matthias Langer wrote:
  i'm not sure which of these lines actually fixed my problem as i've just
  looked at the output of rpcinfo and grabbed all nfs relevant ports from
  there.
 
 This will probably fix your problems *until* you restart nfs.
 
 # lsof -n -P | egrep 'UDP|LISTEN' | grep 'rpc\.'
 rpc.statd 19260   nobody4u IPv4  178640062  UDP *:47496
 rpc.statd 19260   nobody5u IPv4  178640054  UDP *:780
 rpc.statd 19260   nobody6u IPv4  178640065  TCP *:42346 (LISTEN)
 rpc.mount 19277 root6u IPv4  178640109  UDP *:797
 rpc.mount 19277 root7u IPv4  178640112  TCP *:800 (LISTEN)
 
 Restart NFS 
 
 rpc.statd 19433   nobody4u IPv4  178641101  UDP *:47498
 rpc.statd 19433   nobody5u IPv4  178641093  UDP *:953
 rpc.statd 19433   nobody6u IPv4  178641104  TCP *:42347 (LISTEN)
 rpc.mount 19450 root6u IPv4  178641148  UDP *:970
 rpc.mount 19450 root7u IPv4  178641151  TCP *:973 (LISTEN)
 
 Restart again 
 
 rpc.statd 19534   nobody4u IPv4  178641453  UDP *:47499
 rpc.statd 19534   nobody5u IPv4  178641445  UDP *:630
 rpc.statd 19534   nobody6u IPv4  178641456  TCP *:42348 (LISTEN)
 rpc.mount 19551 root6u IPv4  178641500  UDP *:647
 rpc.mount 19551 root7u IPv4  178641503  TCP *:650 (LISTEN)
 
 I never worked out how to get NFS to only listen on a single interface.
 
 Glad you at least now know what was causing the logs.
 
 Greetings,
 Ralph
 
Well, i guess this can be done by modifying the steps described in the
following howto:
http://gentoo-wiki.com/HOWTO_Share_Directories_via_NFS#Setting_Up_Firewall_.28Server_Side.29
I've not tried that yet, as i don't plan to restart my server in the
next few days, but will sooner or later take this into account ...

Matthias

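One way to do what Matthias did by hand (grab the NFS-related ports from rpcinfo and drop them on the WAN side) while coping with Ralph's point that the ports move on every NFS restart: regenerate the rules from rpcinfo each time the service starts. This is an added example, not code from the thread; it embeds a constructed sample of `rpcinfo -p` output, and the interface name `eth0` and the `! -i` negation syntax are assumptions.

```shell
#!/bin/sh
# Added example: derive iptables DROP rules for the RPC ports that
# rpcinfo currently reports, so the rule set can be rebuilt after every
# NFS restart instead of hard-coding ports that change.

# Constructed sample of 'rpcinfo -p' output (column layout:
# program vers proto port service), used so the script runs offline.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    797  mountd
    100005    1   tcp    800  mountd
    100024    1   udp    780  status
    100024    1   tcp  42346  status
    100021    1   udp  32771  nlockmgr
    100021    1   tcp  32772  nlockmgr'

# Read rpcinfo-style text on stdin and print one "PROTO port" pair per
# line for the NFS-related RPC services (statd shows up as "status").
nfs_ports() {
    awk '$5 ~ /^(nfs|mountd|status|nlockmgr|portmapper)$/ {
            print toupper($3), $4
         }' | sort -u
}

# Emit iptables commands dropping traffic to those ports unless it
# arrives on the trusted interface given as $1; rpcinfo text on stdin.
drop_rules() {
    lan="$1"
    nfs_ports | while read -r proto port; do
        printf 'iptables -A INPUT -p %s ! -i %s --dport %s -j DROP\n' \
            "$proto" "$lan" "$port"
    done
}

# Demonstration on the constructed sample; on a live host the same
# function would be fed with:  rpcinfo -p | drop_rules eth0
printf '%s\n' "$SAMPLE_RPCINFO" | drop_rules "${LAN:-eth0}"
```

Hooking the generated rules into the NFS init script (or a post-start hook) keeps the firewall in step with whatever ports rpc.statd and rpc.mountd picked this time.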