Sun RPC through Pix Ver 6.3(3)

Jul 29th, 2007

Hi,

I have a requirement to get Sun RPC through a PIX I have running version 6.3(3).

Is this possible without having to open up a high range of ports?

Is there a fixup command (I can't seem to find one)?

Any help would be great.

Thanks

stuart.jones Mon, 07/30/2007 - 11:51

Jon,

Thanks for the link, there may be hope...

The host I have initiating the RPC is on a lower security interface to the destination hosts, so this appears OK as per the example.

So there is no specific fixup command as such, as I didn't see one listed like on the other protocols. Is this because it cannot be modified in terms of the port, it is always UDP 111?

I am slightly confused by the example. If the RPC replies are monitored, why was there a need to enter the

access-list acl_out permit udp host 209.165.201.2 host 209.165.201.11 eq 2049

command? Shouldn't this have been opened up dynamically by the PIX?

Thanks

Stu

Jon Marshall Mon, 07/30/2007 - 12:13

Stu

This brings back painful memories :).

In answer to your first question, yes, I believe it only allows RPC on port 111, which is fine for some versions of Unix and not for others, e.g. Solaris runs rpcinfo and that does not run on port 111.

I am also confused by the example of NFS. I agree with what you say in that I thought the whole point of reading the RPC reply was to dynamically find the ports and open them.

I can see a bit more experimentation coming on. As I say, I really didn't find it that reliable.

Could you elaborate on what you are trying to achieve as there may be a better way to do it.

Jon
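
To make concrete what "reading the RPC reply" involves in the two posts above, here is an added example (not from the thread or from Cisco, and not the PIX's own logic) that parses a portmapper GETPORT call and reply as defined in RFC 1833 and pairs them by XID to learn the port a stateful device could open. The function names and sample packets are constructed for illustration; the sample uses the NFS port 2049 from the quoted access-list.

```python
import struct

PMAP_PROG, PMAP_VERS, GETPORT = 100000, 2, 3   # portmapper, RFC 1833
CALL, REPLY = 0, 1

def skip_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:                            # RFC 5531 cap on auth bodies
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)

def parse_call(buf):
    """Return (xid, prog, vers, proto) for a GETPORT call, else None."""
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", buf, 0)
    if (mtype, rpcvers, prog, vers, proc) != (CALL, 2, PMAP_PROG, PMAP_VERS, GETPORT):
        return None
    off = skip_auth(buf, skip_auth(buf, 24))    # credentials, then verifier
    q_prog, q_vers, q_proto, _port = struct.unpack_from(">4I", buf, off)
    return xid, q_prog, q_vers, q_proto

def parse_reply(buf):
    """Return (xid, port) for an accepted, successful reply, else None."""
    xid, mtype, reply_stat = struct.unpack_from(">3I", buf, 0)
    if mtype != REPLY or reply_stat != 0:       # 0 = MSG_ACCEPTED
        return None
    accept_stat, port = struct.unpack_from(">II", buf, skip_auth(buf, 12))
    ok = accept_stat == 0 and 0 < port < 65536  # port 0 = program not registered
    return (xid, port) if ok else None

def learned_ports(payloads):
    """Pair calls and replies by XID; list (program, ip_proto, port) learned."""
    pending, learned = {}, []
    for p in payloads:
        try:
            call = parse_call(p)
            reply = None if call else parse_reply(p)
        except (struct.error, ValueError):
            continue                            # truncated or malformed: ignore
        if call:
            pending[call[0]] = (call[1], call[3])
        elif reply and reply[0] in pending:     # unsolicited replies open nothing
            prog, proto = pending.pop(reply[0])
            learned.append((prog, proto, reply[1]))
    return learned

# Constructed sample: GETPORT for NFS (program 100003, v3) over UDP (17), answer 2049.
SAMPLE_CALL = struct.pack(">14I", 0x1234, CALL, 2, PMAP_PROG, PMAP_VERS, GETPORT, 0, 0, 0, 0, 100003, 3, 17, 0)
SAMPLE_REPLY = struct.pack(">7I", 0x1234, REPLY, 0, 0, 0, 0, 2049)
```

Only the GETPORT exchange on the portmapper port is visible to this kind of tracking; a client that already knows the service port and skips the lookup gives it nothing to learn from.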

stuart.jones Tue, 07/31/2007 - 14:20

Jon,

Not sure about what the server guys are doing, but they have a mainframe trying to talk to an ACLS server, and I have been told it will use RPC as part of this.

Thanks

Stu
