James G. Sack (jim) wrote:
Ralph Shumaker wrote:
James G. Sack (jim) wrote:
96.998%Ralph Shumaker wrote:
No, it was 100% of me that wrote it!
<heh> That looks like some kind of artifact of your email client or
display?
I don't think it's on my end. I received it that way, from you, thru
the list. So, somewhere between you sending and me receiving, inclusive.
Altho, that reminds me, I need to start paying attention to when my ISP
prepends the subject field with "{ SPAM? }" and edit it out in my
replies, like this one.
..
Well, ignoring 127.0.0.1, this is what I get:
# netstat -lnpt
Active Internet connections (only servers)
Proto Local Address Foreign Address State PID/Program name
tcp 0.0.0.0:42944 0.0.0.0:* LISTEN 2156/rpc.statd
tcp 0.0.0.0:111 0.0.0.0:* LISTEN 2135/rpcbind
# netstat -lnpu
Active Internet connections (only servers)
Proto Local Address Foreign Address State PID/Program name
udp 0.0.0.0:659 0.0.0.0:* 2156/rpc.statd
udp 0.0.0.0:43032 0.0.0.0:* 2156/rpc.statd
rpc stuff is because you probably have nfs or nfslock and/or rpcbind
running. Since you don't have other machines on your local net, you
would have no reasons to run nfs or probably anything that might use
rpcbind. You can shut those services off and those open ports would go away.
nfs was not enabled. Stopped nfslock (which stopped rpc.statd). And
stopped rpcbind. Disabled them and saved.
I don't know if they are related, but rpcgssd is enabled and running, as
well as rpcidmapd.
udp 0.0.0.0:68 0.0.0.0:* 18262/dhclient
I don't know (exactly) why dhclient listens, but it probably does no
harm. The dhcp server in your DSL-gateway may send out messages that the
dhclient needs to listen for, maybe.
I'll leave that alone.
udp 0.0.0.0:614 0.0.0.0:* 2135/rpcbind
udp 0.0.0.0:53351 0.0.0.0:* 2536/avahi-daemon:
udp 0.0.0.0:5353 0.0.0.0:* 2536/avahi-daemon:
avahi is supposed to provide some automated network discovery
capabilities (like zeroconf, etc). It is most likely harmless (and low
cost) but most likely useless to you, so you could turn off the
avahi-daemon if you wish.
Stopped and disabled (and saved). Thank you.
udp 0.0.0.0:111 0.0.0.0:* 2135/rpcbind
udp 0.0.0.0:631 0.0.0.0:* 2563/cupsd
If you have a network-connected printer, then cupsd is most likely
essential, but if you have a direct-connect (eg, parallel, usb), then
I'm not sure whether it is still needed or not -- I suspect it might be,
though. Let us know what you find out. ;-) I would definitely not want
any firewall forwarding enabled on port 631!
How could I be certain? Test print before and after disabling?
Printing before, worked fine. Then I disabled. Tried to print. The
printer queue(sp?) showed the job, but didn't seem to want to print.
Right-clicking on the job had all options grayed out except for Cancel,
but selecting Cancel would not work until I started cupsd back up. So
it seems to be necessary.
So what should I do about port 631?
udp W.X.Y.Z:123 0.0.0.0:* 15355/ntpd
udp 0.0.0.0:123 0.0.0.0:* 15355/ntpd
udp W::X:Y:Z:123 :::* 15355/ntpd
udp ::1:123 :::* 15355/ntpd
udp :::123 :::* 15355/ntpd
Docs say that "ntpd requires full bidirectional access to the privileged
UDP port 123"
http://support.ntp.org/bin/view/Support/TroubleshootingNTP
but I don't quite see how it would work through a firewall?!?
Perhaps someone will explain that.
Nevertheless, I'm inclined to leave it alone and trust it.
Done.
Columns "Recv-Q" and "Send-Q" for each of the above items are 0.
(Whatever those are.)
One item is showing W.X.Y.Z as my IPv4 address, and another, W::X:Y:Z as
my IPv6 address. Since this info is going to a public list, I figured it
would be better to obscure them. If they are needed for some reason,
please let me know.
If the W.X.Y.Z are private IP addresses (eg, 192.168.1.xxx) handed out
by your household dhcp server (in your DSL modem), then there's no
damage by publishing those addresses. Those addresses can't identify you
-- in fact there are probably thousands (or more) who have the same
private IP address as you. Mine is 192.168.9.51 (because I customized my
gateway). The range 192.168.0.xxx and 192.168.1.xxx are very common
private addresses used in residential gateways.
You often see 192.168.122.xxx IPs, which are self-assigned by that
zeroconf stuff -- related to what is done by that avahi-daemon. I
believe you have to explicitly unconfigure something to get rid of that,
so I just try to ignore it.
Mine is 68.183.yyy.zzz which doesn't resemble yours. My hostname
currently is netblock-68-183-yyy-zzz, kinda like what Cox does IIRC.
I understand why ntpd would be there, tho I don't understand why it is
there so frequently. Five lines?
I believe the first line is redundant because the second (0.0.0.0) one
includes it by meaning "any ipv4". The ipv6 lines seem to specify
different things. But this is probably one of those "don't ask why"
situations. :-)
Why? ;)
Why would cupsd be there? I don't think it needs interweb access.
Not web for sure, but it could need access to your LAN, and the daemon
just might need to be running even if LAN access is not needed.
My limited test seems to confirm that.
..
that your ISP is probably dslextreme, so I presume you have a DSL modem
-- it probably has a built-in firewall, but you might log in to its
administrative interface and make sure you don't have any unexpected
port forwarding allowed.
dslextreme, yes. I don't remember if it has firewall built-in. It says
DSL-2320B on the front of it. dlink.com says its firewalling is:
• MAC Filtering
• Packet Filtering
• Stateful Packet Inspection (SPI)
• User Authentication PAP
• User Authentication CHAP
Per the manual for that modem: Presuming the IP range hasn't been
reconfigured, you probably have an address 192.168.1.101 (or something
like that) and the gateway itself has IP 192.168.1.1. If you direct your
browser to http://192.168.1.1/ and give the default user/password of
admin/admin (presuming nobody ever changed the factory defaults), then
you should get into the management interface, where you can poke around
a bit.
3 minutes later, Firefox is still trying to load that address. There,
it finally timed out. No go.
..If I'm going to
learn that, I would prefer it be in an environment like an installfest.
That's a great idea!
Thanks. It seems practical. But I don't look forward to lugging my PC
and monitor (and peripherals), disconnecting and reconnecting cables. Oh
well, it wouldn't be the first time.
Well, at least at the NCAS installfest (but not this month --- they're
on summer vacation), you could leave kbd, mouse, monitor home.
Where, and generally when, is that? I know I should know "NCAS", but
I'm drawing a blank.
--
The problem with defending the purity of the English language is that
English is about as pure as a cribhouse whore. We don't just borrow
words; on occasion, English has pursued other languages down alleyways
to beat them unconscious and rifle their pockets for new vocabulary.
--James Davis Nicoll
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
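The exercise the thread walks through by hand (read netstat -lnp, decide which listeners are bound to loopback only and which to every interface, then ask per program whether it needs to be reachable at all) can be scripted. The following is an added example written for this page, not code from either poster or from the kplug list. It parses a constructed netstat listing modelled on the one quoted above (Recv-Q/Send-Q columns restored, the obscured W.X.Y.Z address replaced by the constructed 192.168.1.101, and one loopback-only cupsd line added to show the contrast) and reports, per program, the ports that are reachable from beyond the host. The program notes are a hypothetical table that restates the explanations given in the thread.

```python
"""Classify netstat -lnp listeners by how far their bind address reaches."""
import ipaddress
import re
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample modelled on the netstat -lnpt / -lnpu output quoted in
# the thread. Not a capture from the poster's machine.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:42944           0.0.0.0:*               LISTEN      2156/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2135/rpcbind
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2563/cupsd
udp        0      0 0.0.0.0:659             0.0.0.0:*                           2156/rpc.statd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           18262/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2536/avahi-daemon:
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2135/rpcbind
udp        0      0 0.0.0.0:631             0.0.0.0:*                           2563/cupsd
udp        0      0 192.168.1.101:123       0.0.0.0:*                           15355/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           15355/ntpd
udp        0      0 ::1:123                 :::*                                15355/ntpd
udp        0      0 :::123                  :::*                                15355/ntpd
"""

# Hypothetical per-program notes, restating what the thread says about each.
WHY = {
    "rpcbind": "RPC port mapper; only needed when NFS/nfslock is in use",
    "rpc.statd": "NFS lock status daemon, started by nfslock",
    "avahi-daemon": "zeroconf/mDNS network discovery",
    "cupsd": "printing; the daemon is needed even for a local printer",
    "ntpd": "time sync; needs UDP 123 in both directions",
    "dhclient": "DHCP client; receives lease replies on UDP 68",
}

# One listener line: proto, Recv-Q, Send-Q, local, foreign, [LISTEN], pid/prog
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+"
    r"(?:LISTEN\s+)?(?P<prog>\S+)\s*$"
)


@dataclass(frozen=True)
class Listener:
    proto: str
    host: str
    port: int
    pid: Optional[int]
    program: str
    reach: str  # loopback / all-interfaces / link-local / private / public


def split_local(local: str) -> Tuple[str, int]:
    """Split 'host:port'; rpartition keeps IPv6 forms like ':::123' intact."""
    host, _, port = local.rpartition(":")
    return host, int(port)


def classify(host: str) -> str:
    """How far a bind address reaches. Unspecified must be tested before
    is_private, because newer Pythons treat 0.0.0.0/8 as private too."""
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def parse_netstat(text: str) -> List[Listener]:
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner and column-header lines
        host, port = split_local(m["local"])
        pid_s, _, program = m["prog"].partition("/")  # '-' when not root
        pid = int(pid_s) if pid_s.isdigit() else None
        out.append(Listener(m["proto"].rstrip("6"), host, port, pid,
                            program.rstrip(":") or "?", classify(host)))
    return out


def exposed_ports(listeners: List[Listener]) -> Dict[str, Set[str]]:
    """Ports reachable from off-host, grouped by program. A wildcard bind and a
    per-address bind of the same port collapse to one entry (the thread's
    observation that 0.0.0.0:123 already covers W.X.Y.Z:123)."""
    exposed: Dict[str, Set[str]] = defaultdict(set)
    for l in listeners:
        if l.reach != "loopback":
            exposed[l.program].add(f"{l.proto}/{l.port}")
    return dict(exposed)


def report(text: str) -> List[str]:
    lines = []
    for program, ports in sorted(exposed_ports(parse_netstat(text)).items()):
        note = WHY.get(program, "review: purpose unknown")
        lines.append(f"{program:14} {', '.join(sorted(ports)):22} {note}")
    return lines


if __name__ == "__main__":
    # Pipe real output in: netstat -lnp | python3 listeners.py
    src = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(src)))
```

The loopback-only tcp/631 line in the sample is the shape the thread's open question about cupsd points toward: the daemon stays running so local printing works, but it is not reachable from the LAN or beyond. In cupsd.conf that corresponds to a `Listen localhost:631` line and `Browsing Off`, which drops the UDP 631 browsing socket; whatever the host does, the modem should have no forwarding rule for 631, as the thread already says.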