Remote Procedure Call
Remote procedure call (RPC) is a very popular mechanism for client-server
applications developed by Sun Microsystems. Many applications are built on top
of this system, the most important of which are Network File System (NFS) and
Network Information Service (NIS), which are used in many UNIX networks.
The RPC server is a collection of procedures, each of which can be called by
a client sending an RPC request to the server, possibly passing some parameters.
The server runs the required procedure and sends the results to the client. This
data exchange is platform-independent and is encoded using the External Data
Representation (XDR) format. Each procedure is identified by an assigned program
number, which the client indicates in the request. The default correspondence
between program numbers and procedures is stored on UNIX hosts in the
/etc/rpc file. To further complicate things, an RPC server can run multiple versions
of each program at the same time. In this case, the version numbers are
added to the request.
On TCP/IP networks, each version of a program running on the server is
assigned a TCP and a UDP port (both ports have the same number). In order for
this service to be generic (and because RPC programs do not use reserved port
numbers), there is no fixed correspondence between program names (or numbers)
and the ports they are running on. The ports are assigned dynamically by a
separate daemon called portmapper, which functions as a multiplexing service.
Each program has to register with portmapper in order to be available for RPC
calls. Portmapper then reserves a TCP and a UDP port for it. When a client
wants to make a call to a remote procedure, it first queries the portmapper
daemon (which runs on port 111 by default), sending it a program number
and receiving the number of the port that program runs on. The client then connects to this
port and interacts directly with the required program. Figure 4.8 illustrates this
process.
Here, the problem for a firewall arises when the RPC server is on a more
secure interface; it is simple to set up a conduit allowing incoming connections
to the portmapper port 111, but it is not possible to know in advance which
extra ports need to be opened for incoming RPC requests to specific programs.
www.syngress.com
Advanced PIX Configurations • Chapter 4 153
The PIX does the following:
1. It inspects all outgoing packets that have a source port of 111.
2. When it notices a portmapper reply with some port number, the PIX
opens embryonic TCP and UDP connections on this port.
3. The PIX does not inspect RPC packets for anything else. For example,
it does not attempt to translate embedded IP addresses.
This feature is not configurable.
Figure 4.8 RPC Connection Flow. The client (client port 1050) asks the portmapper (server port 111) which port the NFS daemon is running on ("Tell me the port to connect to NFS daemon"); the portmapper answers "NFS runs on port 34564"; the client (client port 1052) then establishes a connection to server port 34564.
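The portmapper exchange and the three PIX inspection rules above, modelled as an added Python example (not code from the chapter or from Cisco): it builds a constructed GETPORT call and reply in RPCv2/XDR encoding as carried over UDP (TCP framing adds a 4-byte record mark, which is assumed absent here), and a fixup function that, like the PIX, looks only at packets with source port 111 and opens a TCP and a UDP pinhole on the port the reply names. The NFS program number 100003 is the /etc/rpc value; port 34564 and the client ports come from the figure.

```python
import struct

PORTMAPPER_PORT = 111
MSG_CALL, MSG_REPLY = 0, 1                 # RPCv2 msg_type values
MSG_ACCEPTED, SUCCESS = 0, 0               # reply_stat and accept_stat values
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
IPPROTO_TCP, IPPROTO_UDP = 6, 17
NFS_PROG = 100003                          # program number of nfs in /etc/rpc

def build_getport_call(xid, prog, vers, proto):
    """Constructed sample: an RPCv2 GETPORT call as carried over UDP (no record mark)."""
    header = struct.pack(">6I", xid, MSG_CALL, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    auth = struct.pack(">4I", 0, 0, 0, 0)  # AUTH_NULL credential and verifier, both empty
    args = struct.pack(">4I", prog, vers, proto, 0)
    return header + auth + args

def build_getport_reply(xid, port):
    """Constructed sample: the portmapper's accepted reply; result 0 means not registered."""
    return struct.pack(">7I", xid, MSG_REPLY, MSG_ACCEPTED, 0, 0, SUCCESS, port)

def parse_getport_reply(payload):
    """Return the port carried by an accepted, successful GETPORT reply, else None."""
    if len(payload) < 20:
        return None
    _xid, mtype, rstat, _vflavor, vlen = struct.unpack(">5I", payload[:20])
    if mtype != MSG_REPLY or rstat != MSG_ACCEPTED:
        return None
    off = 20 + (vlen + 3) // 4 * 4         # skip the opaque verifier body (XDR pads to 4 bytes)
    if len(payload) < off + 8:
        return None
    astat, port = struct.unpack(">2I", payload[off:off + 8])
    if astat != SUCCESS or not 0 < port <= 65535:   # port 0: program not registered
        return None
    return port

def pix_rpc_fixup(packets):
    """Model of the chapter's rules: look only at packets whose source port is 111,
    open a TCP and a UDP pinhole on the port a GETPORT reply names, and inspect
    nothing else (no translation of addresses inside the payload).
    packets is an iterable of (src_port, payload); returns the sorted pinhole set."""
    pinholes = set()
    for src_port, payload in packets:
        if src_port != PORTMAPPER_PORT:
            continue
        port = parse_getport_reply(payload)
        if port is not None:
            pinholes.add(("tcp", port))
            pinholes.add(("udp", port))
    return sorted(pinholes)
```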