blob: 4c92cacea5ee86577237d739ed124de671de70bf [file] [log] [blame]
.\" Copyright (c) 1987 Sun Microsystems
.\" Copyright (c) 1990, 1991 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" from: @(#)portmap.8 5.3 (Berkeley) 3/16/91
.\" $Id: portmap.8,v 1.2 2004/04/03 09:30:21 herbert Exp $
.\"
.Dd Apr 20, 2007
.Dt PORTMAP 8
.Os BSD 4.3
.Sh NAME
.Nm portmap
.Nd
.Tn DARPA
port to
.Tn RPC
program number mapper
.Sh SYNOPSIS
.Nm portmap
.Op Fl d
.Op Fl f
.Op Fl t Ar dir
.Op Fl v
.Op Fl V
.Op Fl i Ar address
.Op Fl l
.Op Fl u Ar uid
.Op Fl g Ar gid
.Sh DESCRIPTION
.Nm Portmap
is a server that converts
.Tn RPC
program numbers into
.Tn DARPA
protocol port numbers.
It must be running in order to make
.Tn RPC
calls.
.Pp
When an
.Tn RPC
server is started, it will tell
.Nm portmap
what port number it is listening to, and what
.Tn RPC
program numbers it is prepared to serve.
When a client wishes to make an
.Tn RPC
call to a given program number,
it will first contact
.Nm portmap
on the server machine to determine
the port number where
.Tn RPC
packets should be sent.
.Pp
.Nm Portmap
must be started before any
.Tn RPC
servers are invoked.
.Pp
Normally
.Nm portmap
forks and dissociates itself from the terminal
like any other daemon.
.Nm Portmap
then logs errors using
.Xr syslog 3 .
.Pp
.Nm Portmap
records all current mapping in the file
.Nm /var/run/portmap_mapping
so that if it gets killed and restarted, it can reload the mapping for
currently active services.
.Pp
Options available:
.Bl -tag -width Ds
.It Fl V
Display version number and exit.
.It Fl d
(debug) prevents
.Nm portmap
from running as a daemon,
and causes errors and debugging information
to be printed to the standard error output.
.It Fl f
(foreground) prevents
.Nm portmap
from running as a daemon,
and causes log messages
to be printed to the standard error output.
.It Fl t Ar dir
(chroot) tell
.Nm portmap
to
.Xr chroot 2
into
.Ar dir .
.Ar dir
should be empty, not writeable by the daemon user, and preferably on a
filesystem mounted read-only, noexec, nodev, and nosuid.
.It Fl u Ar uid
.It Fl g Ar gid
Set the user-id and group-id of the running process to those given,
rather than the compiled-in defaults of DAEMON_UID/DAEMON_GID.
.if 'RPCUSER'' .ig
If neither are set, then
.Nm portmap
will look up the user
.Nm RPCUSER
and use the uid and gid of that user.
..
.It Fl v
(verbose) run
.Nm portmap
in verbose mode.
.It Fl i Ar address
bind
.Nm portmap
to address. If you specify 127.0.0.1 it will bind to the loopback
interface only.
.It Fl l
bind
.Nm portmap
to the loop-back address 127.0.0.1. This is a shorthand for
specifying 127.0.0.1 with -i.
.El
This
.Nm portmap
version is protected by the
.Nm tcp_wrapper
library. You have to give the clients access to
.Nm portmap
if they should be allowed to use it.
.if 'USE_DNS'yes' .ig
To allow connects from clients of the network 192.168. you could use
the following line in /etc/hosts.allow:
portmap: 192.168.
In order to avoid deadlocks, the
.Nm portmap
program does not attempt to look up the remote host name or user name, nor will
it try to match NIS netgroups. As a consequence only network number patterns
(or IP addresses) will work for portmap access control, do not use hostnames.
Notice that localhost will always be allowed access to the portmapper.
You have to use the daemon name
.Nm portmap
for the daemon name (even if the binary has a different name). For the
client names you can only use the keyword ALL or IP addresses (NOT
host or domain names).
..
.if !'USE_DNS'yes' .ig
To allow connects from clients of
the .bar.com domain you could use the following line in /etc/hosts.allow:
.Pp
portmap: .bar.com
.Pp
You have to use the daemon name
.Nm portmap
for the daemon name (even if the binary has a different name). For the
client names you can use the keyword ALL, IP addresses, hostnames or domain
names. Using netgroup names will likely cause
.Nm portmap
to deadlock.
Note that localhost will always be allowed access to the portmapper.
..
For further information please have a look at the
.Xr tcpd 8 ,
.Xr hosts_allow 5
and
.Xr hosts_access 5
manual pages.
.Sh SEE ALSO
.Xr inetd.conf 5 ,
.Xr rpcinfo 8 ,
.Xr pmap_set 8 ,
.Xr pmap_dump 8 ,
.Xr inetd 8 ,
.Xr tcpd 8 ,
.Xr hosts_access 5 ,
.Xr hosts_options 5
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3
.Sh AUTHORS
This
manual page was changed by
.An Anibal Monsalve Salazar
for the Debian Project.