Minor rpc question ....
William A. Mahaffey III
wam at hiwaay.net
Sun Nov 2 15:10:48 UTC 2014
On 11/02/14 08:45, Ian Smith wrote:
> In freebsd-questions Digest, Vol 543, Issue 7, Message: 3
> On Sat, 01 Nov 2014 19:04:29 -0500 "William A. Mahaffey III" <wam at hiwaay.net> wrote:
> > .... I have ruptime installed & running on my LAN boxen. When I query
> > from various boxen, such as an Intel Q6600 based server, I see:
> >
> > [wam at Q6600, ~, 6:59:57pm] 1173 % ruptime
> > INDIGO down ??:??
> > Opty165A down 976+08:10
> > Q6600 up 298+09:30, 6 users, load 0.13, 0.07, 0.06
> > V8 down ??:??
> > athloncube up 44+22:38, 4 users, load 0.08, 0.03, 0.05
> > centos-5 up 41+09:48, 3 users, load 0.03, 0.04, 0.01
> > kabini1 up 0:25, 1 user, load 0.02, 0.21, 0.26
> > opty165a up 298+09:30, 0 users, load 0.00, 0.00, 0.00
> > [wam at Q6600, ~, DING!] 1174 %
> >
> > However, when I query from this box, I see:
> >
> > [wam at kabini1, ~, 6:44:52pm] 297 % ruptime
> > kabini1 up 0:25, 1 user, load 0.02, 0.21, 0.26
> > [wam at kabini1, ~, DING!] 298 %
> >
> > i.e. only this box shows up. I expect to see at least other
> > still-running boxen listed, maybe not defunct (such as V8 & INDIGO) ....
> > Config issue ? Bug ? Pilot error ? Please advise ....
> >
> > BTW:
> >
> > [root at kabini1, /etc, 6:51:24pm] 323 % uname -a
> > FreeBSD kabini1.local 9.3-RELEASE-p3 FreeBSD 9.3-RELEASE-p3 #0: Mon Oct 20 15:08:33 UTC 2014 root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
> > [root at kabini1, /etc, 7:04:07pm] 324 %
>
> Just checking: you have 'rwhod_enable="YES"' in /etc/rc.conf, rwhod(8)
> is running, and port 513/udp traffic is open both ways in any firewall?
Yes, yes, & .... not sure. I disabled logging of firewall traffic on
ports 111,137,138 & 513 in my rc.conf (they were swamping my log file).
I just changed that logging to allow port 513. I see no mention of that
port or service-by-name in my ipfw file, which is the box-stock file w/
mods to allow NFS, otherwise supposedly stock workstation. see:
[root at kabini1, /etc, 9:07:35am] 340 % ipfw show
00100 704 110724 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 2 152 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 0 0 check-state
01200 11697 679930 allow tcp from me to any established
01300 112670 62773943 allow tcp from me to any setup keep-state
01400 21809 1723308 allow udp from me to any keep-state
01500 127 12036 allow icmp from me to any keep-state
01600 0 0 allow ipv6-icmp from me to any keep-state
01700 0 0 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
01800 0 0 allow udp from any 67 to me dst-port 68 in
01900 0 0 allow udp from any 67 to 255.255.255.255 dst-port 68 in
02000 0 0 allow udp from fe80::/10 to me dst-port 546 in
02100 1 148 allow icmp from any to any icmptypes 8
02200 0 0 allow ipv6-icmp from any to any ip6 icmp6types 128,129
02300 1858 104048 allow icmp from any to any icmptypes 3,4,11
02400 0 0 allow ipv6-icmp from any to any ip6 icmp6types 3
02500 18777 23476935 allow tcp from 192.168.0.0/16 to me
65000 1795 424041 count ip from any to any
65100 1371 269257 deny { tcp or udp } from any to any dst-port 111,137,138,513 in
65200 424 154784 deny { tcp or udp } from 192.168.0.0/16 to me
65300 0 0 deny ip from any to 255.255.255.255
65400 0 0 deny ip from any to 224.0.0.0/24 in
65500 0 0 deny udp from any to any dst-port 520 in
65500 0 0 deny tcp from any 80,443 to any dst-port 1024-65535 in
65500 0 0 deny log logamount 5000 ip from any to any
65535 0 0 deny ip from any to any
[root at kabini1, /etc, 9:10:10am] 341 %
w/ port 513 obviously being denied. However, I don't know where that is
happening :-/ & I thought rule 02500 would let all local traffic through
....
>
> If so, you possibly want to use the -a switch on both ruptime and rwho.
>
> cheers, Ian
--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
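
Added example, not part of the original message and not ipfw's own code: ipfw acts on the first terminating rule a packet matches, so this small Python model of a subset of the `ipfw show` listing above reports which rule an inbound UDP 513 packet reaches. The local, peer and broadcast addresses are constructed assumptions, and the stateful rules are left out on the assumption that no dynamic state matches the packet.

```python
import ipaddress, re

# Constructed subset of the `ipfw show` listing above (counters dropped);
# stateful rules are left out on the assumption that no dynamic state matches.
RULES = """\
02500 allow tcp from 192.168.0.0/16 to me
65000 count ip from any to any
65100 deny { tcp or udp } from any to any dst-port 111,137,138,513 in
65200 deny { tcp or udp } from 192.168.0.0/16 to me
65535 deny ip from any to any
"""
ME = {"192.168.0.10"}  # assumed local address of the filtering host

RULE_RE = re.compile(
    r"(\d+) (\w+) (\{ .*? \}|\S+) from (\S+) to (\S+)"
    r"(?: dst-port ([\d,]+))?(?: (in|out))?$")

def addr_ok(spec, ip):
    if spec == "any":
        return True
    if spec == "me":
        return ip in ME
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def first_match(proto, src, dst, dport, direction):
    """Return (rule number, action) of the first terminating rule hit."""
    for line in RULES.splitlines():
        num, action, protos, rsrc, rdst, ports, rdir = RULE_RE.match(line).groups()
        protos = set(protos.strip("{} ").split(" or "))
        if "ip" not in protos and proto not in protos:
            continue
        if not (addr_ok(rsrc, src) and addr_ok(rdst, dst)):
            continue
        if ports and str(dport) not in ports.split(","):
            continue
        if rdir and rdir != direction:
            continue
        if action == "count":   # count updates counters and keeps going
            continue
        return num, action
    return None

if __name__ == "__main__":
    # rwhod-style broadcast from a LAN peer (addresses are constructed)
    print(first_match("udp", "192.168.0.20", "192.168.0.255", 513, "in"))
    # TCP from the same peer to the host itself
    print(first_match("tcp", "192.168.0.20", "192.168.0.10", 22, "in"))
```
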