James Pifer wrote:
> On Fri, 2005-11-18 at 07:37 -0700, Craig White wrote:
>
>> On Fri, 2005-11-18 at 09:21 -0500, James Pifer wrote:
>>
>>> On Fri, 2005-11-18 at 09:36 +0000, Nigel Wade wrote:
...<snip>...
>
> TCP 111 is open. See TCP scan above.
>
> James

My remembrance of this is so filled with cobwebs that I may be giving bad info.

That caveat in place, port 111 (portmap) is a doorman-type service. Its job is to suggest another connection (src_port <--> dst_port) to the client. The src_port and dst_port are not easy to predict from a firewall perspective. That info is, however, in the packets of the portmap traffic, so many firewalls have RPC support. I think (info circa 2003) that iptables had a patch-o-matic for RPC. I know Checkpoint supports Sun RPC.

Check to see if the firewall is blocking the new connection proposed by the portmapper. You can find out what ports this connection was going to be on by doing a tcpdump on port 111 and looking in the data of the packets.

Again, sorry if I'm taking you down the rabbit hole here. It has been a while since I had to mess with this.

Dave
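An added example, not part of the original post: a small Python decoder for the portmap traffic described above, which pulls the requested RPC program and the port the portmapper hands back out of TCP payloads captured on port 111. It assumes portmap version 2 GETPORT messages (RFC 1833) in single-fragment RPC records; the function names and the sample bytes are constructed for illustration.

```python
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3   # portmap v2, RFC 1833
PROTO = {6: "tcp", 17: "udp"}

def strip_record_mark(payload):
    """Drop the 4-byte RPC-over-TCP record mark (single-fragment records only)."""
    (mark,) = struct.unpack_from(">I", payload, 0)
    if not (mark >> 31) or (mark & 0x7FFFFFFF) != len(payload) - 4:
        raise ValueError("fragmented or truncated RPC record")
    return payload[4:]

def skip_auth(msg, off):
    """Skip one opaque_auth field: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", msg, off)
    return off + 8 + ((length + 3) & ~3)

def parse_getport_call(msg):
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", msg, 0)
    if (mtype, rpcvers, prog, vers, proc) != (0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
        return None                                  # not a portmap GETPORT call
    off = skip_auth(msg, skip_auth(msg, 24))         # credentials, then verifier
    want_prog, want_vers, prot, _port = struct.unpack_from(">4I", msg, off)
    return {"xid": xid, "program": want_prog, "version": want_vers,
            "proto": PROTO.get(prot, str(prot))}

def parse_getport_reply(msg):
    xid, mtype, reply_stat = struct.unpack_from(">3I", msg, 0)
    if mtype != 1 or reply_stat != 0:                # not REPLY / not MSG_ACCEPTED
        return None
    off = skip_auth(msg, 12)                         # verifier
    accept_stat, port = struct.unpack_from(">II", msg, off)
    return {"xid": xid, "port": port} if accept_stat == 0 else None

def negotiated_port(call_payload, reply_payload):
    """Pair a call with its reply by XID; a port of 0 means 'not registered'."""
    call = parse_getport_call(strip_record_mark(call_payload))
    reply = parse_getport_reply(strip_record_mark(reply_payload))
    if not call or not reply or call["xid"] != reply["xid"]:
        return None
    return (call["program"], call["version"], call["proto"], reply["port"])

def record(body):
    return struct.pack(">I", 0x80000000 | len(body)) + body

# Constructed sample: client asks for program 100003 (NFS) v3 over TCP, gets 2049.
SAMPLE_CALL = record(struct.pack(">10I", 0x1234, 0, 2, PMAP_PROG, PMAP_VERS,
                                 PMAPPROC_GETPORT, 0, 0, 0, 0) + struct.pack(">4I", 100003, 3, 6, 0))
SAMPLE_REPLY = record(struct.pack(">7I", 0x1234, 1, 0, 0, 0, 0, 2049))

if __name__ == "__main__":
    print(negotiated_port(SAMPLE_CALL, SAMPLE_REPLY))
```

The port in the returned tuple is the one to look for in the firewall rules or drop logs when the follow-up connection fails.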