You want to view the dynamic TCP/UDP port associated with a Sun-RPC firewall session.
Figure 11-4 shows a topology whereby a host on the Trust zone of the Inside_FW firewall mounts an exported filesystem from an NFS server running on the Unix Server located on the
Figure 11-4. Viewing Sun-RPC ALG sessions
The following policies, using the predefined SUN-RPC-MOUNTD and SUN-RPC-NFS services that rely on the Sun-RPC ALG, permit this connection:
Inside_FW-> set policy id 86 from Trust to DMZ NFS_Client Unix_Server SUN-RPC-MOUNTD permit log
Inside_FW-> set policy id 87 from Trust to DMZ NFS_Client Unix_Server SUN-RPC-NFS permit log
The dynamic TCP/UDP ports associated with the NFS mount session can be seen with get session, filtered on the client and server addresses:
get session src-ip 192.168.99.212 dst-ip 172.30.0.46
As discussed in Recipe 7.16, each service on a Unix host that relies on Sun-RPC is identified by a well-known, unique program number (for example, 100003 for NFS and 100005 for mountd). When the service starts, it registers the dynamic TCP/UDP port it is listening on with the portmapper service on that host. The portmapper itself listens on a fixed port, TCP/UDP 111, which is the only port the firewall can know in advance.
Hence, a client application that needs to connect to a Sun-RPC service, such as the NFS daemon, first contacts the portmapper service on the server and asks for the port registered under the particular program number. The portmapper returns the TCP/UDP port associated with that program number (or port 0 if nothing is registered). The ALG inspects this exchange on port 111, learns the dynamic port from the reply, and opens the corresponding session for the client. Then, ...
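To make the exchange described above concrete, here is an added Python model of it; this is not code from the ScreenOS Cookbook or from Juniper. It encodes and parses a PMAPPROC_GETPORT call and reply (RFC 5531 rpc_msg framing, RFC 1833 portmapper v2 mapping) and wraps them in a toy ALG that remembers each call by transaction ID and opens a pinhole for the dynamic port carried in the matching reply. It assumes the portmapper exchange runs over UDP (over TCP each message is preceded by a 4-byte record-marking header, which this model does not handle); the client and server addresses are the ones from the recipe, while the xids, the mountd port 32771 and all function and class names are my own constructions.

```python
import struct

# Well-known ONC RPC constants (RFC 5531) and portmapper v2 constants (RFC 1833)
RPC_VERSION = 2
RPC_CALL, RPC_REPLY = 0, 1
MSG_ACCEPTED, SUCCESS = 0, 0
AUTH_NONE = 0
PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3
IPPROTO_TCP, IPPROTO_UDP = 6, 17
PROTO_NAMES = {IPPROTO_TCP: "tcp", IPPROTO_UDP: "udp"}
# Well-known program numbers of the two services the policies above reference
PROG_NFS, PROG_MOUNTD = 100003, 100005


def build_getport_call(xid, prog, vers, proto):
    """Encode a PMAPPROC_GETPORT call as the client sends it (UDP payload, no record mark)."""
    header = struct.pack("!6I", xid, RPC_CALL, RPC_VERSION,
                         PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
    # cred and verf are opaque_auth {flavor, length, body}; AUTH_NONE has an empty body
    auth = struct.pack("!4I", AUTH_NONE, 0, AUTH_NONE, 0)
    # mapping {prog, vers, prot, port}; the port field is ignored in a GETPORT request
    args = struct.pack("!4I", prog, vers, proto, 0)
    return header + auth + args


def build_getport_reply(xid, port):
    """Encode an accepted, successful GETPORT reply; port 0 means 'not registered'."""
    return struct.pack("!7I", xid, RPC_REPLY, MSG_ACCEPTED, AUTH_NONE, 0, SUCCESS, port)


def _skip_opaque_auth(data, off):
    """Return the offset just past the opaque_auth at `off`, honouring XDR 4-byte padding."""
    if off + 8 > len(data):
        return None
    _flavor, length = struct.unpack_from("!2I", data, off)
    return off + 8 + ((length + 3) & ~3)


def parse_getport_call(data):
    """Return {'xid','prog','vers','proto'} for a GETPORT call, else None."""
    if len(data) < 24:
        return None
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from("!6I", data, 0)
    if (mtype, rpcvers, prog, vers, proc) != (RPC_CALL, RPC_VERSION,
                                              PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
        return None
    off = 24
    for _ in range(2):                      # skip cred, then verf
        off = _skip_opaque_auth(data, off)
        if off is None:
            return None
    if off + 16 > len(data):
        return None
    tprog, tvers, tproto, _port = struct.unpack_from("!4I", data, off)
    return {"xid": xid, "prog": tprog, "vers": tvers, "proto": tproto}


def parse_getport_reply(data):
    """Return {'xid','port'} for an accepted and successful reply, else None."""
    if len(data) < 20:
        return None
    xid, mtype, reply_stat, _vflavor, vlen = struct.unpack_from("!5I", data, 0)
    if mtype != RPC_REPLY or reply_stat != MSG_ACCEPTED:
        return None
    off = 20 + ((vlen + 3) & ~3)            # skip the verifier body
    if off + 8 > len(data):
        return None
    accept_stat, port = struct.unpack_from("!2I", data, off)
    if accept_stat != SUCCESS:
        return None
    return {"xid": xid, "port": port}


class SunRpcAlg:
    """Toy model of the ALG: remember each GETPORT call by (client, server, xid); when the
    matching reply arrives, open a pinhole (server, proto, dynamic port, program)."""

    def __init__(self):
        self.pending = {}
        self.pinholes = []

    def client_to_server(self, src, dst, payload):
        call = parse_getport_call(payload)
        if call is not None:
            self.pending[(src, dst, call["xid"])] = call

    def server_to_client(self, src, dst, payload):
        reply = parse_getport_reply(payload)
        if reply is None:
            return None
        call = self.pending.pop((dst, src, reply["xid"]), None)  # unsolicited reply: ignore
        if call is None or reply["port"] == 0:                    # port 0: not registered
            return None
        hole = (src, PROTO_NAMES.get(call["proto"], str(call["proto"])),
                reply["port"], call["prog"])
        self.pinholes.append(hole)
        return hole


def demo():
    """Constructed exchange between the recipe's NFS_Client and Unix_Server addresses.
    The xids and the mountd port 32771 are made up; NFS on 2049 is the conventional port."""
    client, server = "192.168.99.212", "172.30.0.46"
    alg = SunRpcAlg()
    alg.client_to_server(client, server, build_getport_call(0x1A2B3C4D, PROG_MOUNTD, 3, IPPROTO_UDP))
    alg.server_to_client(server, client, build_getport_reply(0x1A2B3C4D, 32771))
    alg.client_to_server(client, server, build_getport_call(0x1A2B3C4E, PROG_NFS, 3, IPPROTO_TCP))
    alg.server_to_client(server, client, build_getport_reply(0x1A2B3C4E, 2049))
    alg.server_to_client(server, client, build_getport_reply(0xDEADBEEF, 4045))  # no matching call
    return alg.pinholes


if __name__ == "__main__":
    for server, proto, port, prog in demo():
        print(f"pinhole {proto}/{port} to {server} for program {prog}")
```

The two refusals in server_to_client are the security-relevant part: a reply whose xid matches no outstanding call opens nothing, so a server cannot push arbitrary pinholes by sending unsolicited replies, and a port of 0 means the program is not registered, so there is nothing to open. The firewall's own ALG additionally has to cope with rpcbind v3 and v4, whose GETADDR replies carry a universal address string rather than a bare port number.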