| .\" Copyright (c) 1987 Sun Microsystems |
| .\" Copyright (c) 1990, 1991 The Regents of the University of California. |
| .\" All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" 3. All advertising materials mentioning features or use of this software |
| .\" must display the following acknowledgement: |
| .\" This product includes software developed by the University of |
| .\" California, Berkeley and its contributors. |
| .\" 4. Neither the name of the University nor the names of its contributors |
| .\" may be used to endorse or promote products derived from this software |
| .\" without specific prior written permission. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
| .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
| .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| .\" SUCH DAMAGE. |
| .\" |
| .\" from: @(#)portmap.8 5.3 (Berkeley) 3/16/91 |
| .\" $Id: portmap.8,v 1.2 2004/04/03 09:30:21 herbert Exp $ |
| .\" |
| .Dd Apr 20, 2007 |
| .Dt PORTMAP 8 |
| .Os BSD 4.3 |
| .Sh NAME |
| .Nm portmap |
| .Nd |
| .Tn DARPA |
| port to |
| .Tn RPC |
| program number mapper |
| .Sh SYNOPSIS |
| .Nm portmap |
| .Op Fl d |
| .Op Fl f |
| .Op Fl t Ar dir |
| .Op Fl v |
| .Op Fl V |
| .Op Fl i Ar address |
| .Op Fl l |
| .Op Fl u Ar uid |
| .Op Fl g Ar gid |
| .Sh DESCRIPTION |
| .Nm Portmap |
| is a server that converts |
| .Tn RPC |
| program numbers into |
| .Tn DARPA |
| protocol port numbers. |
| It must be running in order to make |
| .Tn RPC |
| calls. |
| .Pp |
| When an |
| .Tn RPC |
| server is started, it will tell |
| .Nm portmap |
| what port number it is listening to, and what |
| .Tn RPC |
| program numbers it is prepared to serve. |
| When a client wishes to make an |
| .Tn RPC |
| call to a given program number, |
| it will first contact |
| .Nm portmap |
| on the server machine to determine |
| the port number where |
| .Tn RPC |
| packets should be sent. |
| .Pp |
| .Nm Portmap |
| must be started before any |
| .Tn RPC |
| servers are invoked. |
| .Pp |
| Normally |
| .Nm portmap |
| forks and dissociates itself from the terminal |
| like any other daemon. |
| .Nm Portmap |
| then logs errors using |
| .Xr syslog 3 . |
| .Pp |
| .Nm Portmap |
| records all current mapping in the file |
| .Nm /var/run/portmap_mapping |
| so that if it gets killed and restarted, it can reload the mapping for |
| currently active services. |
| .Pp |
| Options available: |
| .Bl -tag -width Ds |
| .It Fl V |
| Display version number and exit. |
| .It Fl d |
| (debug) prevents |
| .Nm portmap |
| from running as a daemon, |
| and causes errors and debugging information |
| to be printed to the standard error output. |
| .It Fl f |
| (foreground) prevents |
| .Nm portmap |
| from running as a daemon, |
| and causes log messages |
| to be printed to the standard error output. |
| .It Fl t Ar dir |
| (chroot) tell |
| .Nm portmap |
| to |
| .Xr chroot 2 |
| into |
| .Ar dir . |
| .Ar dir |
| should be empty, not writeable by the daemon user, and preferably on a |
| filesystem mounted read-only, noexec, nodev, and nosuid. |
| .It Fl u Ar uid |
| .It Fl g Ar gid |
| Set the user-id and group-id of the running process to those given, |
| rather than the compiled-in defaults of DAEMON_UID/DAEMON_GID. |
| .if 'RPCUSER'' .ig |
| If neither are set, then |
| .Nm portmap |
| will look up the user |
| .Nm RPCUSER |
| and use the uid and gid of that user. |
| .. |
| .It Fl v |
| (verbose) run |
| .Nm portmap |
| in verbose mode. |
| .It Fl i Ar address |
| bind |
| .Nm portmap |
| to address. If you specify 127.0.0.1 it will bind to the loopback |
| interface only. |
| .It Fl l |
| bind |
| .Nm portmap |
| to the loop-back address 127.0.0.1. This is a shorthand for |
| specifying 127.0.0.1 with -i. |
| .El |
| |
| This |
| .Nm portmap |
| version is protected by the |
| .Nm tcp_wrapper |
| library. You have to give the clients access to |
| .Nm portmap |
| if they should be allowed to use it. |
| .if 'USE_DNS'yes' .ig |
| To allow connects from clients of the network 192.168. you could use |
| the following line in /etc/hosts.allow: |
| |
| portmap: 192.168. |
| |
| In order to avoid deadlocks, the |
| .Nm portmap |
| program does not attempt to look up the remote host name or user name, nor will |
| it try to match NIS netgroups. As a consequence only network number patterns |
| (or IP addresses) will work for portmap access control, do not use hostnames. |
| Notice that localhost will always be allowed access to the portmapper. |
| |
| You have to use the daemon name |
| .Nm portmap |
| for the daemon name (even if the binary has a different name). For the |
| client names you can only use the keyword ALL or IP addresses (NOT |
| host or domain names). |
| .. |
| .if !'USE_DNS'yes' .ig |
| To allow connects from clients of |
| the .bar.com domain you could use the following line in /etc/hosts.allow: |
| .Pp |
| portmap: .bar.com |
| .Pp |
| You have to use the daemon name |
| .Nm portmap |
| for the daemon name (even if the binary has a different name). For the |
| client names you can use the keyword ALL, IP addresses, hostnames or domain |
| names. Using netgroup names will likely cause |
| .Nm portmap |
| to deadlock. |
| Note that localhost will always be allowed access to the portmapper. |
| .. |
| |
| For further information please have a look at the |
| .Xr tcpd 8 , |
| .Xr hosts_allow 5 |
| and |
| .Xr hosts_access 5 |
| manual pages. |
| |
| .Sh SEE ALSO |
| .Xr inetd.conf 5 , |
| .Xr rpcinfo 8 , |
| .Xr pmap_set 8 , |
| .Xr pmap_dump 8 , |
| .Xr inetd 8 , |
| .Xr tcpd 8 , |
| .Xr hosts_access 5 , |
| .Xr hosts_options 5 |
| .Sh HISTORY |
| The |
| .Nm |
| command appeared in |
| .Bx 4.3 |
| .Sh AUTHORS |
| This |
| manual page was changed by |
| .An Anibal Monsalve Salazar |
| for the Debian Project. |