Ralph Shumaker wrote:
James G. Sack (jim) wrote:
Ralph Shumaker wrote:
nfs was not enabled. Stopped nfslock (which stopped rpc.statd). And
stopped rpcbind. Disabled them and saved.
I don't know if they are related, but rpcgssd is enabled and running, as
well as rpcidmapd.
I guess those are all related (because of the rpc prefix), and all
unnecessary in your setup.
rpcgssd failed to stop, but didn't claim to be running. It was
checkmarked for loading tho.
That is a normal response if you try to stop a service that is not
currently running.
rpcidmapd shut down successfully.
Both said something about NFSv4, which I don't think I'm using. I have
disabled them from starting up again (in runlevel 5 anyway).
If you were using NFSv4 you'd know. It is a very different configuration
than earlier versions.
So what should I do about port 631?
Google-poking shows some clue that it has to do with making (and/or
seeing?) announcements of printer availability on your local network.
Also that it seems to be controlled by
/etc/cups/cupsd
at the lines near
# Show shared printers on the local network.
You might experiment with these, because it seems you have no need for a
udp port being open on 631
I don't know if this helps:
# ll /etc/cups/cupsd.conf*
-rw-r----- 1 root lp 2474 2008-07-01 04:46 /etc/cups/cupsd.conf
-rw-r----- 1 root lp 2474 2008-07-01 04:46 /etc/cups/cupsd.conf.default
# diff /etc/cups/cupsd.conf /etc/cups/cupsd.conf.default
Apparently, I have the default settings (Fedora 8). Being 2474 bytes,
I'm hesitant to include the contents.
No matter, nothing sinister in there.
Mine is 68.183.yyy.zzz which doesn't resemble yours. My hostname
currently is netblock-68-183-yyy-zzz, kinda like what Cox does IIRC.
Oh, that is not a private IP address, it is a public one (accessible
from the internet), so you are right to avoid plastering it all around.
It is visible in your email headers -- but there's not anything you can
do about that, I believe.
So your DSL modem is not doing any NAT.
Which is port forwarding?
No. Network Address Translation (NAT) is basically where any computer on
your local network (LAN) gets the same Internet (routeable, or WAN)
address, and thus looks to be the same box to anyone outside your LAN.
Port Forwarding is when you need to have a particular box on your LAN
exclusively handle traffic requiring a specific port. E.g. you may want
to SSH into your LAN from a remote location.
Assuming you have only one WAN IP address assigned you by your ISP, you
would only be able to address any given box on your LAN by the one WAN
IP address. Port Forwarding allows you to route the SSH packets to
whichever box you've designated as being basically your SSH server.
It's a means of getting certain service packets to the right box even
though there is only one IP address for you available to the rest of the
world.
Someone else can give you the painful details or correct me on all that,
but that's my simple-minded way of describing it.
The DSL management interface may or may not be accessible, though.
Here's what I would try:
# ifconfig eth0:1 192.168.1.99
# ping 192.168.1.1
if ping works, point your browser at http://192.168.1.1, and poke around.
What the above is, is an ethernet "alias" which behaves like another
interface working through the same hardware and ethernet wiring.
Yep, that did the trick. I'm in. Now I need to regress in this thread
since what you suggested has either been snipped or I'm just not seeing it.
If I found it, you suggested looking for unexpected port forwarding. I
don't know where to look for that. There seems to be a _lot_ in there.
But I did find a list of services:
☐ FTP
☑ HTTP
☑ ICMP
☑ SNMP
☑ TELNET
☑ TFTP
If you are not running servers for any of the above, then none of those,
except ICMP should be checked. Especially Telnet (use SSH instead if
needed) and TFTP. This assumes that those settings actually refer to
Port Forwarding, which I doubt. I think they just allow those packets
through, suggesting your modem does do some very basic firewalling?
The check mark in ICMP is grayed out, suggesting that I can NOT change it.
No harm.
If there *is* anything anywhere in there about port forwarding, it
eluded me.
It will go away on next boot, or if desired you can get rid of it by
# ifconfig eth0:1 0.0.0.0
I see no harm in leaving it. In fact, how can I make it survive a reboot?
Should one?
--
Best Regards,
~DJA.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
