I’ve noticed that many people do not realize port 111 and a few other random ports are open on fresh Debian installs. Port 111 is for the portmap daemon, which is needed by RPC-based services such as NFS. I barely have any use for NFS, especially on internet-facing hosts.
Here we see TCP ports 111, 41394 and UDP ports 111, 742, 48841 are open. Portmap may be marked as secure right now, but it is always best to close up unused ports.
# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2251/portmap
tcp        0      0 0.0.0.0:41394           0.0.0.0:*               LISTEN      2262/rpc.statd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2490/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2757/exim4
tcp6       0      0 :::80                   :::*                    LISTEN      2818/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      2490/sshd
udp        0      0 0.0.0.0:48841           0.0.0.0:*                           2262/rpc.statd
udp        0      0 0.0.0.0:742             0.0.0.0:*                           2262/rpc.statd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2251/portmap
Fortunately it is easy to remove (nfs-common relies on portmap, so we need to remove that as well):
# aptitude --purge remove portmap nfs-common
# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2490/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2757/exim4
tcp6       0      0 :::80                   :::*                    LISTEN      2818/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      2490/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     6113     2454/acpid          /var/run/acpid.socket
Now that’s much cleaner!
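To repeat this check on other hosts without reading the listing by eye, here is a small filter over netstat -nlp output. It is an added example, not part of the original post; the function names are made up for illustration, and the sample input is the "before" listing above.

```shell
#!/bin/sh
# Added example: list RPC-related listeners (portmap, rpc.statd, ...) bound
# to a non-loopback address, given `netstat -nlp` output on stdin.

# Sample input: the "before" listing from this post.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0 0 0.0.0.0:111   0.0.0.0:* LISTEN 2251/portmap
tcp   0 0 0.0.0.0:41394 0.0.0.0:* LISTEN 2262/rpc.statd
tcp   0 0 0.0.0.0:22    0.0.0.0:* LISTEN 2490/sshd
tcp   0 0 127.0.0.1:25  0.0.0.0:* LISTEN 2757/exim4
tcp6  0 0 :::80         :::*      LISTEN 2818/apache2
tcp6  0 0 :::22         :::*      LISTEN 2490/sshd
udp   0 0 0.0.0.0:48841 0.0.0.0:*        2262/rpc.statd
udp   0 0 0.0.0.0:742   0.0.0.0:*        2262/rpc.statd
udp   0 0 0.0.0.0:111   0.0.0.0:*        2251/portmap
EOF
}

# Prints "proto port program" per exposed RPC listener; nothing if clean.
# rpcbind is matched too (assumption: hosts where it has replaced portmap).
exposed_rpc_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        prog = ""
        # UDP rows have no State column, so search for the PID/Program field.
        for (i = 6; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) { prog = $i; break }
        sub(/^[0-9]+\//, "", prog)
        if (prog !~ /^(portmap|rpcbind|rpc\.)/) next
        port = $4; sub(/.*:/, "", port)
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next   # loopback only
        print $1, port, prog
    }'
}

sample_netstat | exposed_rpc_listeners
```

On a live host, pipe netstat -nlp into exposed_rpc_listeners as root; without root the PID/Program name column shows "-" and nothing will match.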
I’ve always had an issue with Debian Lenny and connecting via ssh or local console (xm console --role udev to the end of your xen-create-image command, and then add extra = 'xencons=tty1 console=tty1' to the newly created cfg file in /etc/xen.
# xen-create-image --size 10G --ip 1.2.3.4 --netmask 255.255.255.0 --gateway 1.2.3.1 --hostname newvm --lvm vg --role udev
# echo "extra = 'xencons=tty1 console=tty1'" >> /etc/xen/newvm.cfg
More info can be found at http://wiki.debian.org/Xen under “Additional note for domU on lenny using xen-tools”. Note: I do not follow their guide exactly – this is just what has worked for me.
Installing VMware Tools on your VMware guests is a good idea: it gives you the ability to shut them down from the VMware client, you get better disk/network performance, etc.
Install the packages required for the modules build as root:
# aptitude install autoconf automake binutils cpp gcc linux-headers-$(uname -r) make psmisc
In the vSphere client, right click on the guest VM. Go to ‘Guest -> Install/Upgrade VMware Tools’
This will insert a virtual CD at /dev/cdrom, which you then mount:
# mount /dev/cdrom /mnt
Copy the files to /root, umount the virtual CD and extract:
# cp /mnt/VMwareTools-4.0.0-208167.tar.gz /root
# umount /mnt
# cd /root
# tar xvf VMwareTools-4.0.0-208167.tar.gz
Enter the vmware-tools-distrib folder and run the installer script:
# cd vmware-tools-distrib/
# ./vmware-install.pl
The default values are adequate for most cases. For the first question I like to use /usr/local/bin for the binary path, to separate vmware and system binaries. It will automatically set the prefixes for the other paths it uses to /usr/local.