By default on Debian Lenny the portmap service listens on UDP port 111. For security reasons it can be reasonable to prevent portmap from opening the port if you do not run services such as NFS or NIS that depend on an RPC port mapper like portmap.
One way to close the open port is to bind the portmap service to the local loopback address by uncommenting the following line in /etc/default/portmap:
OPTIONS="-i 127.0.0.1"
and restarting the portmap service:
# /etc/init.d/portmap restart
To test if the portmap service listens on the public port you can either use netstat:
# netstat -tulpen | grep portmap
# output if portmap is NOT bound to 127.0.0.1
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 4166 960/portmap
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 4162 960/portmap
# output if portmap is bound to 127.0.0.1
tcp 0 0 127.0.0.1:111 0.0.0.0:* LISTEN 0 1822373 19764/portmap
udp 0 0 127.0.0.1:111 0.0.0.0:* 0 1822372 19764/portmap
or rpcinfo from a remote client:
# rpcinfo -p YOUR_HOST
Of course you could also remove the portmap package (if there are no dependencies) or use a firewall to reject connections on port 111.
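The netstat check above can be scripted so that it returns an exit status usable from cron or a monitoring check. This is an added example, not part of the original post; the function name check_portmap_exposure is hypothetical, and the sample input is the netstat output quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). check_portmap_exposure is a
# hypothetical helper name. Usage on a live host:
#   netstat -tulpen | check_portmap_exposure

# Reads `netstat -tulpen` output on stdin, prints one verdict line per
# port-111 socket, and returns:
#   0  every port-111 socket is bound to a loopback address
#   1  at least one port-111 socket is bound to a non-loopback address
#   2  no port-111 socket found (portmap stopped or removed)
check_portmap_exposure() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ && match($4, /:[0-9]+$/) {
            # Split the local address at the last colon (also handles :::111)
            port = substr($4, RSTART + 1)
            addr = substr($4, 1, RSTART - 1)
            if (port != "111") next
            found = 1
            if (addr ~ /^127\./ || addr == "::1") {
                printf "ok      %s %s\n", $1, $4
            } else {
                exposed = 1
                printf "EXPOSED %s %s\n", $1, $4
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# Sample input: the two netstat outputs quoted in the article above.
SAMPLE_DEFAULT='tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 4166 960/portmap
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 4162 960/portmap'
SAMPLE_LOOPBACK='tcp 0 0 127.0.0.1:111 0.0.0.0:* LISTEN 0 1822373 19764/portmap
udp 0 0 127.0.0.1:111 0.0.0.0:* 0 1822372 19764/portmap'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_LOOPBACK"; do
    rc=0
    printf '%s\n' "$sample" | check_portmap_exposure || rc=$?
    echo "exit status: $rc"
done
```

A wildcard IPv6 listener (`:::111`) is reported as EXPOSED as well, since only 127.0.0.0/8 and ::1 count as loopback.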