Table 10-8 port allocation in ito – HP UX B6941-90001 User Manual

Chapter 10

445

Tuning, Troubleshooting, Security, and Maintenance

ITO Security

ITO assigns port numbers dynamically to those processes that are
granted an RPC connection. The port numbers are configurable and are
checked against the range defined in the GUI each time an RPC server
registers itself. Information relating to the assignment of ITO-specific
port numbers may be found in:

❏ the

llbd

(for NCS)

❏ the

rpcd

/

dced

(for DCE)

NOTE

NCS agents will not run on managed nodes where a DCE agent is
installed and running unless NCS support is built into the

rpcd

/

dced

.

Table 10-8 on page 445 lists the ports that ITO requires. For more
information on port restrictions in a firewall environment, see Figure
10-2 on page 449.

Table 10-8

Port Allocation in ITO

If a service request for a port number within the range specified is
refused because none is available, the process will not start. If such an
occurrence arises, you can stop the ITO server processes and use the
utility

/opt/OV/bin/OpC/utils/opc_reset_ports

to delete the

Service

Protocol

Inbound Ports

Outbound Ports

NCS

llbd

UDP

135

above 1023

NCS

glbd

(licensing)

UDP

(broadcast)

above 1023

DCE

rpcd

UDP/TCP

135

above 1023

ftpd

TCP

20 (data transfer)
21 (control)

above 1023

rexecd

TCP

512

below 1023

rlogind

TCP

513

below 1023

telnetd

TCP

23

above 1023

remshd

TCP

514

below 1023

DCE/NCS RPC server processes

UDP/TCP

configurable;
recommended: >1023

above 1023

ITO heartbeat polling

ICMP

-

-