> |Use sysctl to set sunrpc.min_resvport to 665
> |(IPMI cards use port 664 also)

That sysctl didn't used to be available -- well I can't find it on SL308 
systems.

We make xinetd listen on 623/664 (tcp + udp) which has the 'side effect' 
of causing those ports to be unavailable as local endpoints for sockets 
(we just drop trivial files into /etc/xinetd.d/) which means we only avoid 
*just* those ports.  It also prevents *anything* from using them rather 
than just sunrpc...

Since a port won't get re-used for at least TTL*2 having too few available 
to pick from is another way to run out if they are getting used at a high 
rate... :-(

> We tried this on 10 of the systems.  When I started
> the test loop, it went a little longer before failing,
> then started failing again.
>
> Also I forgot to note that this doesn't happen with ssh.

Another good reason to drop rsh... :-)

  -- Jon